Bug
Resolution: Unresolved
rhel-10.1
rhel-security-crypto-spades
What were you trying to do that didn't work?
When an algorithm is disabled in the cryptographic policy and we attempt to import a key of this type into the RPM DB, it fails as it cannot verify the signature made over the certificate.
The previous change, RHEL-144414, modified only how the signatures of disabled algorithms were verified, and we need to revisit whether we also need the change on key import.
The following WIP PR implements the discussed change:
https://github.com/rpm-software-management/rpm-sequoia/pull/109
What is the impact of this issue to you?
Please provide the package NVR for which the bug is seen:
How reproducible is this bug?:
Steps to reproduce
- Configure the system to disable the RSA algorithm in cryptographic policies (assume Q day)
- Import the RSA key into RPM DB: rpmkeys --import /.../RSA.key
Expected results
The RPM library returns a NonTrusted error, which could be interpreted differently from a general failure.
Actual results
General failure importing key.
- split from: RHEL-144414 Return NotTrusted also for missing keys not-allowed by crypto-policy (Release Pending)