Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1128408

Summary: GnuPG KEypair generation procedure gives wrong advice for key type
Product: Red Hat Satellite 5 Reporter: Fred van Zwieten <fvzwieten>
Component: Docs Getting Started GuideAssignee: Dan Macpherson <dmacpher>
Status: CLOSED CURRENTRELEASE QA Contact: Dan Macpherson <dmacpher>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 560CC: mmurray
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-16 02:34:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1018166    

Description Fred van Zwieten 2014-08-10 07:56:45 UTC 
Description of problem:
In par. 4.2.1 it says to use key type 2 (DSA and Elgamal) for the key. This results in a unverifyable V4 signature:
error: skipping package rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm with unverifiable V4 signature

Using key type 1 (RSA and RSA) gives a better result:
[root@node1 ~]# rpm --checksig -v rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm:
    Header V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    Header SHA1 digest: OK (0568898722e26e5df2c25fe239b72ac98667a66d)
    V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    MD5 digest: OK (05ef84979d583bd5c7b81e8dede72433)


Version-Release number of selected component (if applicable):
RHEL 6.5 x68_64

How reproducible:
See steps v

Steps to Reproduce:
1. Follow par 4.2.1 and 4.2.2 to the letter on a RHEL 6.5 box
2.
3.

Actual results:
error: skipping package rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm with unverifiable V4 signature

Expected results:
rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm:
    Header V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    Header SHA1 digest: OK (0568898722e26e5df2c25fe239b72ac98667a66d)
    V4 RSA/SHA1 Signature, key ID 6dc06f30: OK
    MD5 digest: OK (05ef84979d583bd5c7b81e8dede72433)

Additional info:
See http://localsteve.wordpress.com/2013/02/06/signing-rpms-cause-unverifiable-v4-signatures-and-extreme-frustration/
Comment 4 Dan Macpherson 2015-09-16 02:34:39 UTC 
This is now live on the portal:

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html/Getting_Started_Guide/sect-Digital_Signatures_for_Red_Hat_Network_Packages.html#Generating_a_GnuPG_Keypair

Closing this bug.