GPG Signature, RPM Packages

To verify the integrity of an RPM package, do the following:
  1. Download my public GPG key from my security web page and save it in a file named "pmkey.asc".
  2. Import my public key into RPM.
  3. Execute the rpm command with the -K option on the downloaded *.rpm file.

EXAMPLE:


sudo rpm --import pmkey.asc
rpm -K bsu-3.0.2-1.x86_64.rpm


The output from the "rpm -K" command should verify both the md5 sum and gpg in one line:


bsu-3.0.2-1.x86_64.rpm: sha1 md5 OK
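
The check below is an added example, not part of the original page: a shell function that classifies one line of "rpm -K" output, so that a digest-only result such as the "sha1 md5 OK" line above is not mistaken for a verified signature. It assumes the one-line rpm 4.x formats, where a verified signature appears as a lowercase gpg, pgp, rsa, dsa or (in newer releases) signatures token; the function name and every sample line except the page's own are constructed.

```shell
#!/bin/sh
# Added example: classify one line of `rpm -K` (rpm --checksig) output.
# Assumption: rpm 4.x one-line format "<file>: <checks...> OK" or
# "<file>: <checks...> NOT OK (...)"; lowercase tokens are checks that passed.
# Exit status: 0 SIGNED, 1 DIGEST_ONLY, 2 FAILED, 3 UNKNOWN.

classify_rpm_k() {
    line=$1
    result=${line#*: }          # drop the leading "<file>: "
    case $result in
        *"NOT OK"*) echo "FAILED"; return 2 ;;
        *" OK")     ;;          # passed; now see what was actually checked
        *)          echo "UNKNOWN"; return 3 ;;
    esac
    # Pad with spaces so only whole tokens match.
    case " ${result% OK} " in
        *" gpg "*|*" pgp "*|*" rsa "*|*" dsa "*|*" signatures "*)
            echo "SIGNED"; return 0 ;;
    esac
    # Only digests (md5, sha1, "digests") were checked: the package is
    # intact but nothing ties it to the imported public key.
    echo "DIGEST_ONLY"; return 1
}

# Demo over sample lines. The first is the page's own output; the rest are
# constructed (file names and the key id 00000000 are placeholders).
while IFS= read -r sample; do
    verdict=$(classify_rpm_k "$sample") || :
    printf '%-12s %s\n' "$verdict" "$sample"
done <<'EOF'
bsu-3.0.2-1.x86_64.rpm: sha1 md5 OK
example-1.0-1.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
example-1.0-1.x86_64.rpm: digests signatures OK
example-1.0-1.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)
EOF

# Real use (requires rpm): classify_rpm_k "$(rpm -K bsu-3.0.2-1.x86_64.rpm)"
```
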


