RPM

Comment 11 for bug 635868

In , Jeff (jeff-redhat-bugs) wrote :

The algorithms implemented (@rpm5.org, I don't use Fedora rpm) verify
with RSA/SHA1 using 1024/2048/4096 bit keys and the NSS implementation
through the clearsigned signature(...) probe dependency.

And I suspect that a *.rpm package signed with a V3 rather than a V4 gpg
signature using RSA/MD5 will verify correctly.

However, there appears to be an issue with RSA fingerprint generation: the V4
fingerprint is defined differently than the V3 fingerprint for RSA keys, and so
pubkeys are not being retrieved correctly.

There's also apparently a flaw with the plaintext used for RSA signatures.
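
The V3/V4 fingerprint difference mentioned in the comment above, as an added example that is not part of the original comment and is not rpm or rpm5.org code. It follows the fingerprint and key ID definitions in RFC 4880 section 12.2; the helper names and the toy key material are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP MPI: 2-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")

def make_rsa_body(version: int, created: int, n: int, e: int) -> bytes:
    """Build an RSA public-key packet body (constructed test input, not a real key)."""
    head = bytes([version]) + struct.pack(">I", created)
    if version == 3:
        head += struct.pack(">H", 0)            # V3 only: validity period in days
    return head + bytes([1]) + mpi(n) + mpi(e)  # algorithm 1 = RSA

def parse_rsa_body(body: bytes):
    """Return (version, n_bytes, e_bytes) with the MPI length prefixes stripped."""
    version = body[0]
    if version not in (3, 4):
        raise ValueError(f"unsupported key version {version}")
    off = 8 if version == 3 else 6              # offset of the first MPI
    if body[off - 1] not in (1, 2, 3):
        raise ValueError("not an RSA key")
    fields = []
    for _ in range(2):
        (bits,) = struct.unpack_from(">H", body, off)
        size = (bits + 7) // 8
        raw = body[off + 2: off + 2 + size]
        if len(raw) != size:
            raise ValueError("truncated MPI")
        fields.append(raw)
        off += 2 + size
    return version, fields[0], fields[1]

def fingerprint(body: bytes) -> bytes:
    version, n, e = parse_rsa_body(body)
    if version == 3:                            # MD5 over n || e, no length prefixes
        return hashlib.md5(n + e).digest()
    # V4: SHA-1 over 0x99, 2-octet body length, then the whole packet body
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(body: bytes) -> bytes:
    version, n, _ = parse_rsa_body(body)
    return n[-8:] if version == 3 else fingerprint(body)[-8:]

SAMPLE_N = int.from_bytes(bytes(range(0x81, 0x91)), "big")  # constructed 128-bit toy modulus
V3_KEY = make_rsa_body(3, 1000000000, SAMPLE_N, 65537)
V4_KEY = make_rsa_body(4, 1000000000, SAMPLE_N, 65537)

if __name__ == "__main__":
    for name, body in (("V3", V3_KEY), ("V4", V4_KEY)):
        print(name, "fingerprint", fingerprint(body).hex(), "key ID", key_id(body).hex())
```

The same RSA modulus and exponent yield a 16-byte fingerprint and a modulus-derived key ID under V3, but a 20-byte fingerprint and a hash-derived key ID under V4, so a pubkey lookup has to apply the rule that matches the key's version.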