Comment 3 for bug 913629

Right, there's a missing error message or two somewhere, but the underlying problem is that NSS doesn't support "extended DSA" from FIPS 186-3. In more practical terms, it means that rpm doesn't support DSA with > 1024 key sizes, whereas GPG apparently defaults to 2048bits nowadays.

Here's the NSS bug: https://bugzilla.mozilla.org/show_bug.cgi?id=475578, doesn't seem to be a whole lot happening on it :-/

In the meanwhile, either limit the DSA key to 1024 bits or use RSA keys.