using a subkey to sign a package

zhong ming wu mr.z.m.wu at gmail.com
Sat Jul 28 01:11:39 UTC 2012


Hello

I can use a gpg private master key to sign rpm package and 'rpm -K' confirm
signature is good; this is of course after doing rpm --import

What I really like to do is to sign with a signing sub key. I managed to
sign ok and also rpm --import went ok. But 'rpm -K' does not return OK. I
believe that when I did rpm --import rpm might be importing the wrong key.
If anyone here has any experience in this matter I would appreciate any
hints.  I essentially followed the steps found on
http://wiki.debian.org/subkeys because I thought the same idea should apply
to rpm signing

I have also used the exported secret sub key to sign a non-rpm file and
verified using it's public key. (All this is done in two additional
separate accounts distinct from where master key was managed)

If you also know a way to search the archives of this list, can you please
let me know

I am using centos 6 for gpg and rpm stuff

Sincerely

Z M Wu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-list/attachments/20120727/f3db0bce/attachment.html>


More information about the Rpm-list mailing list