-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RPM version 4.16.1.3, failure to import some keys #1977
Comments
This is because the key’s subkey binding signature uses the weak SHA-1 hash algorithm. The |
I have access to the getpagespeed secret key as I work there. I resigned like so:
Then But when exported with |
You need to force GPG to regenerate the binding signatures on the subkeys. The easiest way I know to do that is to set an expiration date on the subkey, save the key, remove the expiration date, and then save the key again. |
This is due to RHEL 9 openssl outlawing SHA1 use in signatures. Nothing rpm can do about it. |
FYI,
And it can even fix them up, when that is appropriate:
(It's packaged for Fedora, too.) |
The GPG public key cannot be installed with RPM version 4.16.1.3, found in CentOS Stream 9.
All prior OS versions had installed it just fine.
But with RPM 4.16.1.3 there's indeed an unhelpful error message (see #1974).
I did my due search, and the only relevant thread I've found was at 1password community about critical bits being set in some data, however, listing packets with
gpg --list-packets
reveals nothing critical...Any help? I observe exactly the same issue with some keys pre-installed (but not imported) on CentOS 9 stream. For example:
But
The text was updated successfully, but these errors were encountered: