GPG key length and signing RPM packages

For the last two years, each time I have created a new GPG key I have forgotten to limit the key length to 1024 bits.  This matters because you can sign RPM packages with a 2048-bit key, but when you then try to install them via rpm or yum, you get this error:

error: rpmts_HdrFromFdno: Header V3 RSA/SHA1 signature: BAD, key ID 03bab923

Nowhere on the web can I find it documented that the key needs to be 1024 bits, but every example of setting up the key uses 1024 as the key length.  At first, I thought the problem might be that I used the “RSA and RSA” key type, which is the default in gpg 1.4.10; the examples always show the “DSA and Elgamal” key type.  In the end, I wound up creating a separate key just for signing RPM packages that uses the DSA and Elgamal algorithms and is 1024 bits long.
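The procedure above as a script, added here as an example and not taken from the original post: it generates a dedicated 1024-bit DSA/Elgamal key for RPM signing from a gpg batch parameter file, points rpm at that key via ~/.rpmmacros, signs a package, imports the public key into the rpm database and verifies the signature the way rpm/yum will. It assumes gpg and rpm are installed (the `%no-protection` line needs gpg 2.1 or later; older gpg takes a `Passphrase:` line instead) and that `rpm --import` is run with sufficient privileges. The key name, e-mail address and export file name are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): create a separate 1024-bit
# DSA/Elgamal GPG key for RPM signing, sign a package with it, and verify
# the signature with rpm -K. Names, address and file names are constructed.
set -eu

KEY_NAME="Example RPM Signing Key"        # constructed
KEY_EMAIL="rpm-signing@example.invalid"   # constructed
EXPORT_FILE="RPM-GPG-KEY-example"         # constructed

# Batch parameter file for gpg --gen-key: DSA primary (signing) key plus an
# Elgamal encryption subkey, both 1024 bits, as the post describes.
gpg_batch_params() {
    cat <<EOF
%echo Generating RPM signing key
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: $KEY_NAME
Name-Email: $KEY_EMAIL
Expire-Date: 0
%no-protection
%commit
EOF
}

# Generate the key non-interactively and export its public half for
# distribution to the machines that will install the packages.
create_signing_key() {
    gpg_batch_params | gpg --batch --gen-key
    gpg --armor --export "$KEY_EMAIL" > "$EXPORT_FILE"
}

# Tell rpm to sign with gpg and which key to use (~/.rpmmacros).
configure_rpmmacros() {
    printf '%%_signature gpg\n%%_gpg_name %s\n' "$KEY_EMAIL" >> "$HOME/.rpmmacros"
}

# Add a signature to an already-built package.
sign_package() {
    rpm --addsign "$1"
}

# Import the public key into the rpm database (normally needs root).
import_key_for_verification() {
    rpm --import "$EXPORT_FILE"
}

# Classify one line of rpm -K output: "bad" for a failed signature (the
# post's error line), "nokey" when the signing key is not imported,
# "ok" for a verified package, "unknown" otherwise. Order matters because
# "NOT OK" also contains "OK".
classify_sig_line() {
    case "$1" in
        *BAD*)              echo bad ;;
        *NOKEY*|*"NOT OK"*) echo nokey ;;
        *OK*)               echo ok ;;
        *)                  echo unknown ;;
    esac
}

# Verify a package and fail on the first line that is not a clean OK.
verify_package() {
    rpm -K "$1" 2>&1 | while IFS= read -r line; do
        status=$(classify_sig_line "$line")
        [ "$status" = ok ] || { echo "FAIL ($status): $line" >&2; exit 1; }
    done
}

# Usage: sh rpm-sign.sh package.rpm
if [ $# -ge 1 ]; then
    create_signing_key
    configure_rpmmacros
    sign_package "$1"
    import_key_for_verification
    verify_package "$1"
fi
```

Running `rpm -K` on the installing host before a `yum install` is the cheap way to tell the post's "signature: BAD" case apart from a merely missing public key: the former means the package or signature is wrong, the latter is fixed with `rpm --import`.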
