Description of problem:
When I sign a package with a 4096-bit RSA key, rpm does not complain, but rpm
reports that the signature is invalid when checking it.
Version-Release number of selected component (if applicable):
rpm-4.4.2.2-7.fc8
How reproducible:
always
Steps to Reproduce:
1. create 4096 bit RSA keys with gpg
2. sign an rpm package with this key with "rpm --addsign *.rpm" (~/.rpmmacros may
need to be set up)
3. import public gpg key into rpm: "rpm --import path/to/public-gpg-key"
4. verify signature: "rpm --checksig *.rpm"
Actual results:
[...]
V3 RSA/SHA1 signature: BAD, key ID abcdefg
[...]
Expected results:
rpm should report the signature as OK, or refuse to sign the package when it cannot
handle it and mention this in the documentation.