diff --git a/.gitignore b/.gitignore
index c61f0a3..6125c9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 /948F158A4E76A27BF3D07532DF42C170B34DBA77
 /strongswan-5.9.5.tar.bz2
 /strongswan-5.9.5.tar.bz2.sig
+/STRONGSWAN-RELEASE-PGP-KEY
diff --git a/sources b/sources
index d4f7516..afd1af0 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (948F158A4E76A27BF3D07532DF42C170B34DBA77) = 06bd38aff77f028db7ad2dd775e9a406f677f11c6abc66a201727e7fed77b9cc6998e6fd8cc21d4081dbb9058c5c68caace328e2759bd0bd2439b69da1b59775
-SHA512 (strongswan-5.9.5.tar.bz2) = 3b11c4edb1ffccf0ea5b8b843acfe2eb18dcd3857fc2818b8481c4febe7959261e1b2804c3af29068319df469fa0b784682d3ba4d49a3eb580841ff3c34e33a1
 SHA512 (strongswan-5.9.5.tar.bz2.sig) = 377889158484968d33b70a2a8ae149432191bc4614a2c5c3865eea1170bee1bae8ccf844d41ea5b4a087d300cc0967cba3aec6255c33976be060022871e094c5
+SHA512 (strongswan-5.9.5.tar.bz2) = 3b11c4edb1ffccf0ea5b8b843acfe2eb18dcd3857fc2818b8481c4febe7959261e1b2804c3af29068319df469fa0b784682d3ba4d49a3eb580841ff3c34e33a1
+SHA512 (STRONGSWAN-RELEASE-PGP-KEY) = 2803ebc9bdbbe88e19b75130ad9cc36af730fd3d0c9055665da99ce9b831ce518b0083f98389e6fb9b00dd62da28fcbb03df5dbf899df52b59d49c6bd34c6d37
diff --git a/strongswan.spec b/strongswan.spec
index 17f2e91..3df1eff 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -14,13 +14,13 @@
 
 Name:           strongswan
 Version:        5.9.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        An OpenSource IPsec-based VPN and TNC solution
 License:        GPLv2+
 URL:            http://www.strongswan.org/
 Source0:        http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2
 Source1:        http://download.strongswan.org/strongswan-%{version}%{?prerelease}.tar.bz2.sig
-Source2:        https://keys.openpgp.org/vks/v1/by-fingerprint/948F158A4E76A27BF3D07532DF42C170B34DBA77
+Source2:        https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
 Source3:        tmpfiles-strongswan.conf
 Patch0:         strongswan-5.6.0-uintptr_t.patch
 
@@ -139,8 +139,7 @@ for Strongswan runtime configuration from perl applications.
 
 
 %prep
-# key is failing - investigating
-#{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -n %{name}-%{version}%{?prerelease} -p1
 
 %build
@@ -411,6 +410,9 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/strongswan-starter.co
 %endif
 
 %changelog
+* Tue Jan 25 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-2
+- Use newly published/cleaned strongswan gpg key
+
 * Mon Jan 24 2022 Paul Wouters <paul.wouters@aiven.io> - 5.9.5-1
 - Resolves rhbz#2044361 strongswan-5.9.5 is available (CVE-2021-45079)