Signed RPM Verification

1. Export the public key to a file

# gpg --export --armor test@utimaco.com > gpgpub.key 

Exporting the public key to a file

2. Import the public key

# rpm --import gpgpub.key

Importing the public key to rpm db

3. Verify the signature of the signed rpm

# rpm --checksig <signed_rpm_file>

Verifying the signed rpm file

4. Verify the signing information

# rpm -qpi shim-15-8.el7.src.rpm 

Signature field contains the signing information

Verifying the signed rpm file signature information

This completes the Integration of GnuPG with Utimaco HSM.