...
About GPG: GnuPG (also known as GPG) is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GPG is an identification key system and can be used to "sign" files or email messages, so you can check their authenticity once the same file is received and used elsewhere.
Why GPG sign? Signing data with a GPG key enables the recipient of the data to verify that no modifications occurred after the data was signed (assuming the recipient has a copy of the sender's public GPG key). The GPG key is valid until September 17, 2025. RPM package files (.rpm) and yum repository metadata can be signed with GPG. Linux RPM uses GPG to sign packages. GPG does not rely on a network of Certificate Authorities (CA), but on individual signatures and peer trust. PSO provides a GPG key valid for two years to sign our RPM files, and we include the public key with every build. To verify the signature of an RPM, you must first import the Dell NetWorker public key into the GPG keyring, and then verify the RPM. NetWorker Linux RPM packages can be signed using a public GPG key that is listed in this article.
NetWorker support for GPG keys: NetWorker added support for GPG key signing in NetWorker version 9.1 and later. GPG keys have an expiration period of one year. If the RPMs were signed with a key that has since expired, validating the signature still requires the key that was used during signing. For example, if the GPG key named key-1 is used to sign the RPMs in 2021, then the same key cannot be used to sign RPMs in 2022 if it has expired; however, it can still be used to validate the signature for the RPMs that were signed using it. The list of GPG keys and their expiry dates is given in the additional information section of this document.

Procedure to Validate GPG signature: Check whether the RPM has a valid GPG signature using the command below (or the equivalent for the respective Linux operating system). For example, on Red Hat Enterprise Linux or SuSE you can run the following command to validate the signature.

    # rpm --checksig -v lgtoclnt-9.1.1.6-1.x86_64.rpm
    lgtoclnt-9.1.1.6-1.x86_64.rpm:
        Header V3 RSA/SHA1 Signature, key ID 882b4d9f: NOKEY
        Header SHA1 digest: OK (cd898cf6ed9c3be4e40d97662bc16d34648738c3)
        V3 RSA/SHA1 Signature, key ID 882b4d9f: NOKEY
        MD5 digest: OK (cc0b0254cf30ecbb3d8041075712c7fc)

NOKEY means that the public key for key ID 882b4d9f is not yet in the RPM database, so the signature could not be checked; the digest lines alone only show that the file is internally consistent. The Dell NetWorker GPG key is 1024 bit. Copy the GPG public key that is highlighted in the last section of this document to a file, then import the key using the command below. This command imports the GPG public key for Dell NetWorker into the local client system. After the import, the RPM database has a key entry for Dell NetWorker.

    rpm --import <GPG-public-key-file>
    rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
    ....
    gpg-pubkey-882b4d9f-59c1a07d --> gpg(DellEMC NetWorker )

The NetWorker RPM package now shows as GPG signed.
    # rpm --checksig -v lgtoclnt-9.1.1.6-1.x86_64.rpm
    lgtoclnt-9.1.1.6-1.x86_64.rpm:
        Header V3 RSA/SHA1 Signature, key ID 882b4d9f: OK
        Header SHA1 digest: OK (cd898cf6ed9c3be4e40d97662bc16d34648738c3)
        V3 RSA/SHA1 Signature, key ID 882b4d9f: OK
        MD5 digest: OK (cc0b0254cf30ecbb3d8041075712c7fc)
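
An added example, not part of the original article or of Dell's tooling: a shell function that reads `rpm --checksig -v` output in the layout shown above and reports whether every signature line was verified against the expected key ID, so that `digest: OK` next to `NOKEY` is not mistaken for a verified package. The names `classify_checksig`, `sample_before_import` and `sample_after_import` and the result words are assumptions of this example; the sample text is the article's own output.

```shell
#!/bin/sh
# classify_checksig EXPECTED_KEYID   (hypothetical helper, reads stdin)
# Prints: verified | nokey | wrong-key | bad | unsigned
classify_checksig() {
    awk -v want="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
        /Signature, key ID/ {
            sigs++
            # Key ID sits between "key ID " and the colon.
            id = $0; sub(/.*key ID /, "", id); sub(/:.*/, "", id)
            id = tolower(id)
            # Result is whatever follows the last colon.
            res = $0; sub(/.*: */, "", res)
            if (id != want)          wrong++
            else if (res ~ /^OK/)    ok++
            else if (res ~ /^NOKEY/) nokey++
            else                     bad++
        }
        # Any digest line that is not OK means the file was altered or damaged.
        /digest:/ && $0 !~ /digest: OK/ { bad++ }
        END {
            if (bad)              print "bad"
            else if (sigs == 0)   print "unsigned"   # digests only, no signature
            else if (wrong)       print "wrong-key"  # signed by an unexpected key
            else if (nokey)       print "nokey"      # key not imported yet
            else if (ok == sigs)  print "verified"
            else                  print "bad"
        }'
}

# Sample input: the output shown in this article before the key import.
sample_before_import() { cat <<'EOF'
lgtoclnt-9.1.1.6-1.x86_64.rpm:
    Header V3 RSA/SHA1 Signature, key ID 882b4d9f: NOKEY
    Header SHA1 digest: OK (cd898cf6ed9c3be4e40d97662bc16d34648738c3)
    V3 RSA/SHA1 Signature, key ID 882b4d9f: NOKEY
    MD5 digest: OK (cc0b0254cf30ecbb3d8041075712c7fc)
EOF
}

# Sample input: the output shown in this article after the key import.
sample_after_import() { cat <<'EOF'
lgtoclnt-9.1.1.6-1.x86_64.rpm:
    Header V3 RSA/SHA1 Signature, key ID 882b4d9f: OK
    Header SHA1 digest: OK (cd898cf6ed9c3be4e40d97662bc16d34648738c3)
    V3 RSA/SHA1 Signature, key ID 882b4d9f: OK
    MD5 digest: OK (cc0b0254cf30ecbb3d8041075712c7fc)
EOF
}
# Real use: rpm --checksig -v lgtoclnt-9.1.1.6-1.x86_64.rpm | classify_checksig 882b4d9f
```

Treat any result other than `verified` as a reason not to install the package; `wrong-key` in particular means the package is signed, but not by the key you expected.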