The RPM manpage says that PGP is currently the only one supported.
"In order to use the signature feature RPM must be configured to run PGP
[or GPG], and it must be able to find a public key ring with RPM public
keys in it.
_pgp_path is llisted
but through my testing, _gpg_path also works.
_signature states that "The Signature type. Right now only pgp is
My testing indicated that gpg in that field works fine.
_pgp_name the name of the "User" whose key you wish to sign your packages.
Through my testing, i discovered that the 'pgp_name' had to exactly match
the name of the UserID in my gpg public key. You might want to mention
*** This bug has been marked as a duplicate of 21289 ***