Bug 1128408 - GnuPG KEypair generation procedure gives wrong advice for key type
Summary: GnuPG KEypair generation procedure gives wrong advice for key type
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Docs Getting Started Guide
Version: 560
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Dan Macpherson
QA Contact: Dan Macpherson
URL:
Whiteboard:
Depends On:
Blocks: sat-docs
TreeView+ depends on / blocked
 
Reported: 2014-08-10 07:56 UTC by Fred van Zwieten
Modified: 2015-09-16 02:34 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-16 02:34:39 UTC


Attachments (Terms of Use)

Description Fred van Zwieten 2014-08-10 07:56:45 UTC
Description of problem:
In par. 4.2.1 it says to use key type 2 (DSA and Elgamal) for the key. This results in a unverifyable V4 signature:
error: skipping package rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm with unverifiable V4 signature

Using key type 1 (RSA and RSA) gives a better result:
[root@node1 ~]# rpm --checksig -v rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm:
    Header V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    Header SHA1 digest: OK (0568898722e26e5df2c25fe239b72ac98667a66d)
    V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    MD5 digest: OK (05ef84979d583bd5c7b81e8dede72433)


Version-Release number of selected component (if applicable):
RHEL 6.5 x68_64

How reproducible:
See steps v

Steps to Reproduce:
1. Follow par 4.2.1 and 4.2.2 to the letter on a RHEL 6.5 box
2.
3.

Actual results:
error: skipping package rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm with unverifiable V4 signature

Expected results:
rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm:
    Header V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    Header SHA1 digest: OK (0568898722e26e5df2c25fe239b72ac98667a66d)
    V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    MD5 digest: OK (05ef84979d583bd5c7b81e8dede72433)

Additional info:
See http://localsteve.wordpress.com/2013/02/06/signing-rpms-cause-unverifiable-v4-signatures-and-extreme-frustration/


Note You need to log in before you can comment on or make changes to this bug.