verifying rpms - public key not found

Michel Messerschmidt lists at
Fri Jul 3 09:57:22 CEST 2009

On Fri, July 3, 2009 07:21, Daniel Kahn Gillmor wrote:
> On 07/03/2009 12:04 AM, Chris wrote:
>> [chris at localhost ~]$ gpg
>> --check-sig /home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm
>> gpg: using PGP trust model
>> gpg: key 98E6705C: accepted as trusted key
>> gpg: error reading key: public key not found
> You're probably interested in something like gpg --verify, but i don't
> know exactly how signed .rpms work (i work with .debs mostly, which have
> external signatures), so hopefully someone else can pipe up with the
> specifics.

rpm provides its own verification command:
rpm -v --checksig <rpm-file>

It won't succeed though if your key is only available in the gnupg keyring
but was not imported into the rpm database - that's what the "rpm --import"
command is used for).


More information about the Gnupg-users mailing list