The suspend2 key is not a 4096 bit key:
$ gpg --with-fingerprint --keyid-format long SUSPEND2-RPM-KEY
pub 1024R/86A0081B22B2951D
But I see the same problems with the kernel-tuxonice on my Fedora 10. But this is another bug than the one I reported:
Unsigned package: http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm.unsigned
Signed package: http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm
Public Key: http://till.fedorapeople.org/4096-RSA-rpm-bug/RPM-GPG-KEY-opensource-till-name-2007-06-22
Steps to reproduce:
This uses a local rpm database in $PWD/rpm-db to make it possible to reproduce this without being root or compromising your own rpm database with untrusted keys:
1. rpm --verbose --dbpath $PWD/rpm-db --import http://till.fedorapeople.org/4096-RSA-rpm-bug/RPM-GPG-KEY-opensource-till-name-2007-06-22
2. LANG=C rpm --verbose --dbpath $PWD/rpm-db --checksig http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm
http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm:
Header V4 RSA/SHA512 signature: BAD, key ID 1c109517
Header SHA1 digest: OK (b3398044a25fe5bc5e4c5bded44c0dd5d10e13db)
V4 RSA/SHA512 signature: BAD, key ID 1c109517
MD5 digest: OK (f16dd8cfcf437beb6d467e4f652c6bbd)
3. LANG=C rpm --verbose -qip http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm
error: http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm: Header V4 RSA/SHA512 signature: BAD, key ID 1c109517
error: http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm: not an rpm package (or package manifest)
Here is also a SHA1-signed rpm package that does not work: http://till.fedorapeople.org/4096-RSA-rpm-bug/obsoletes-test-1-1.tillf8.noarch.rpm.sha1signed
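The --checksig output in step 2 shows both digests OK while both signatures are BAD. As an added example (not part of the original report and not rpm's own tooling), the script below classifies verbose checksig output per package so that this pattern can be told apart from a damaged file. It assumes the output layout quoted in the report; the function names and the second and third sample packages are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the report: triage verbose `rpm --checksig` output.
# Assumes the layout quoted in the report: a "<package>:" line, then one
# "<what> signature|digest: OK|BAD ..." line per check.

# Sample input. Block 1 repeats the report output; blocks 2-3 are constructed.
sample_output() {
cat <<'EOF'
obsoletes-test-1-1.tillf8.noarch.rpm:
    Header V4 RSA/SHA512 signature: BAD, key ID 1c109517
    Header SHA1 digest: OK (b3398044a25fe5bc5e4c5bded44c0dd5d10e13db)
    V4 RSA/SHA512 signature: BAD, key ID 1c109517
    MD5 digest: OK (f16dd8cfcf437beb6d467e4f652c6bbd)
constructed-damaged-1-1.noarch.rpm:
    Header SHA1 digest: OK (constructed)
    MD5 digest: BAD (constructed)
constructed-good-1-1.noarch.rpm:
    Header V4 RSA/SHA512 signature: OK, key ID 0000abcd
    Header SHA1 digest: OK (constructed)
    V4 RSA/SHA512 signature: OK, key ID 0000abcd
    MD5 digest: OK (constructed)
EOF
}

# Prints one "<verdict> <package> key=<id|->" line per package.
#   DIGEST_BAD         file does not match its own digests (damaged or altered)
#   SIG_BAD_DIGEST_OK  digests match but the signature does not verify
#                      (the pattern shown in the report)
#   OK                 no check reported BAD
classify_checksig() {
    awk '
    function report() {
        if (pkg == "") return
        verdict = dig_bad ? "DIGEST_BAD" : (sig_bad ? "SIG_BAD_DIGEST_OK" : "OK")
        printf "%s %s key=%s\n", verdict, pkg, (key == "" ? "-" : key)
    }
    /: *$/ {                          # package header line ends with a colon
        report(); pkg = $0; sub(/: *$/, "", pkg)
        sig_bad = 0; dig_bad = 0; key = ""; next
    }
    /signature: BAD/ { sig_bad = 1 }
    /digest: BAD/    { dig_bad = 1 }
    match($0, /key ID [0-9a-fA-F]+/) { key = substr($0, RSTART + 7, RLENGTH - 7) }
    END { report() }
    '
}

sample_output | classify_checksig
```

To use it on real output, pipe the command from step 2 into classify_checksig instead of sample_output.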