RPM

Comment 2 for bug 635868

In , Till (till-redhat-bugs) wrote:

Description of problem:
When I sign a package with a 4096-bit RSA key, rpm does not complain, but rpm
reports that the signature is invalid when checking it.

Version-Release number of selected component (if applicable):
rpm-4.4.2.2-7.fc8

How reproducible:
always

Steps to Reproduce:
1. create 4096-bit RSA keys with gpg
2. sign an rpm package with this key with "rpm --addsign *.rpm" (~/.rpmmacros may
need to be set up)
3. import the public gpg key into rpm: "rpm --import path/to/public-gpg-key"
4. verify the signature: "rpm --checksig *.rpm"

Actual results:
[...]
    V3 RSA/SHA1 signature: BAD, key ID abcdefg
[...]

Expected results:
rpm should report the signature as OK, or refuse to sign the package when it cannot
handle it and mention this in the documentation.