I need to import a GPG key which is currently available at https://www.tenable.com/downloads/api/v1/public/pages/nessus-agents/downloads/7000/download?i_agree_to_tenable_license_agreement=true (yes that’s the best URL I can figure out for it, the sha256sum is 0f407c2df84f925acd9822e26731f3a881b3b94e5931a2ff8bf43b47be59f11e
it’s also linked to under “Signing Keys” at the bottom of Download Tenable Nessus Agent | Tenable®)
But it won’t import.
[root@foo:production:~]$ head -2 /etc/os-release
NAME="AlmaLinux"
VERSION="9.0 (Emerald Puma)"
[root@foo:production:~]$ update-crypto-policies --show
DEFAULT
[root@foo:production:~]$ gpg tenable-2048.gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa2048 2013-03-21 [SC] [expires: 2022-12-05]
23A24C7088C62258AFEAC377C3E60E421C0C4A5D
uid Tenable Network Security, Inc. <releases@tenable.com>
sub rsa2048 2013-03-21 [E] [expires: 2022-12-05]
[root@foo:production:~]$ rpmkeys --verbose --import tenable-2048.gpg
error: tenable-2048.gpg: key 1 import failed.
[root@foo:production:~]$
Sadly --verbose
doesn’t result in any more output than not using it.
On a hunch, I tried changing the crypto policy to LEGACY
, and then the key does import. But that’s not a satisfactory solution so I’m going to raise this with the vendor.
Can someone explain what specifically about this key means it can’t be imported with the policy set to DEFAULT
? And is this documented somewhere? (I’ve looked at RHEL 9 documentation about crypto policies but either didn’t see or didn’t recognise an explanation.) Similarly I unwittingly tried to import the AlmaLinux 8 key and that didn’t import but I don’t know why Can't import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux - #4 by joebeasley