Chapter 3. Building Custom Packages

3.2. Digital Signatures for RHN Packages

All packages distributed through RHN should have a digital signature. A digital signature is created with a unique private key and can be verified with the corresponding public key. After creating a package, the SRPM (Source RPM) and the RPM can be digitally signed with a GnuPG key. Before the package is installed, the public key is used to verify the package was signed by a trusted party and the package has not changed since it was signed.

3.2.1. Generating a GnuPG Keypair

A GnuPG keypair consists of the private and public keys. To generate a keypair, type the following command as the root user on the shell prompt:

    gpg --gen-key

If you execute this command as a non-root user, you see the following message:

    gpg: Warning: using insecure memory!

This message appears because non-root users cannot lock memory pages. Since you do not want anyone else to have your private GnuPG key or your passphrase, you want to generate the keypair as root. The root user can lock memory pages, which means the information is never written to disk.

After executing the command to generate a keypair, you see an introductory screen containing key options similar to the following:

    gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    Please select what kind of key you want:
       (1) DSA and ElGamal (default)
       (2) DSA (sign only)
       (4) RSA (sign only)
    Your selection?

Accept the default option: (1) DSA and ElGamal. This option allows you to create a digital signature and encrypt/decrypt with two types of technologies. Type 1 and then press [Enter].

Next, choose the key size, which is how long the key should be. The longer the key, the more resistant against attacks your messages are. Creating a key of at least 1024 bits in size is recommended.

The next option asks you to specify how long you want your key to be valid. If you do choose an expiration date, remember that anyone who is using your public key must also