I need to import a GPG key which is currently available at https://www.tenable.com/downloads/api/v1/public/pages/nessus-agents/downloads/7000/download?i_agree_to_tenable_license_agreement=true (yes that’s the best URL I can figure out for it, the sha256sum is
0f407c2df84f925acd9822e26731f3a881b3b94e5931a2ff8bf43b47be59f11e it’s also linked to under “Signing Keys” at the bottom of Download Nessus Agents | Tenable®)
But it won’t import.
[root@foo:production:~]$ head -2 /etc/os-release NAME="AlmaLinux" VERSION="9.0 (Emerald Puma)" [root@foo:production:~]$ update-crypto-policies --show DEFAULT [root@foo:production:~]$ gpg tenable-2048.gpg gpg: WARNING: no command supplied. Trying to guess what you mean ... pub rsa2048 2013-03-21 [SC] [expires: 2022-12-05] 23A24C7088C62258AFEAC377C3E60E421C0C4A5D uid Tenable Network Security, Inc. <email@example.com> sub rsa2048 2013-03-21 [E] [expires: 2022-12-05] [root@foo:production:~]$ rpmkeys --verbose --import tenable-2048.gpg error: tenable-2048.gpg: key 1 import failed. [root@foo:production:~]$
--verbose doesn’t result in any more output than not using it.
On a hunch, I tried changing the crypto policy to
LEGACY, and then the key does import. But that’s not a satisfactory solution so I’m going to raise this with the vendor.
Can someone explain what specifically about this key means it can’t be imported with the policy set to
DEFAULT? And is this documented somewhere? (I’ve looked at RHEL 9 documentation about crypto policies but either didn’t see or didn’t recognise an explanation.) Similarly I unwittingly tried to import the AlmaLinux 8 key and that didn’t import but I don’t know why Can't import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux - #3 by mikew