using a subkey to sign a package

zhong ming wu mr.z.m.wu at
Sat Jul 28 01:11:39 UTC 2012


I can use a gpg private master key to sign rpm package and 'rpm -K' confirm
signature is good; this is of course after doing rpm --import

What I really like to do is to sign with a signing sub key. I managed to
sign ok and also rpm --import went ok. But 'rpm -K' does not return OK. I
believe that when I did rpm --import rpm might be importing the wrong key.
If anyone here has any experience in this matter I would appreciate any
hints.  I essentially followed the steps found on because I thought the same idea should apply
to rpm signing

I have also used the exported secret sub key to sign a non-rpm file and
verified using it's public key. (All this is done in two additional
separate accounts distinct from where master key was managed)

If you also know a way to search the archives of this list, can you please
let me know

I am using centos 6 for gpg and rpm stuff


Z M Wu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Rpm-list mailing list