rpm signing and verfiy with self signed certificate

Lubos Kardos lkardos at redhat.com
Thu Aug 27 07:52:18 UTC 2015


I am not sure if I understand your question, but rpm uses gpg keys for signing,
you can use the command rpmsign to sign rpm packages. You can verify if rpm
package is signed by the command "rpmkeys --checksig" or "rpmkeys -K".
Verification is performed against keys that are stored in rpm database or
against keys located in directory defined by %{_keyringpath} if %{_keyringpath}
is defined. If the key is unknown for rpm, a error is displayed. A key with
which a package is signed must be directly known for rpm (must be in rpm
database or in %{_keyringpath} directory), it is not enough if that key is
signed with some key known for rpm (no chain of trust). You can import key into
rpm database by the command "rpmkeys --import".

I am not sure if this answers your question, If no, please could you explain
in a little more detail what your are trying to do?


----- Original Message -----
> From: "Divya Vyas" <edivya.vyas at gmail.com>
> To: rpm-list at lists.rpm.org
> Sent: Monday, August 24, 2015 7:07:25 AM
> Subject: rpm signing and verfiy with self signed certificate
> Hi,
> I am signing rpms in the rpm database using public key/private key for
> signing the rpms and verify on target. If public key is not available, error
> is thrown that public key not available.
> I am using below steps:
> https://iuscommunity.org/pages/CreatingAGPGKeyandSigningRPMs.html
> Now I am looking for certificate verification for signed rpms. Which
> certificate technique should I use for host identity? How can I ask rpm or
> gpg to check the certificate on given path and if not available then show me
> the error or warning?
> Thanks,
> _______________________________________________
> Rpm-list mailing list
> Rpm-list at lists.rpm.org
> http://lists.rpm.org/mailman/listinfo/rpm-list

More information about the Rpm-list mailing list