Links:The GPG key used to sign all packages
"Since Red Hat Linux 8.0, rpm handles package signature checking internally. This is why you should feed rpm the public keys used to sign the packages you want to install, although it isn't mandatory. This can be easily done by downloading the RPM-GPG-KEY.txt file above then running :
rpm --import RPM-GPG-KEY.txt
rpm --import /usr/share/doc/redhat-release-*/RPM-GPG-KEY
The second line will import Red Hat's main public key, which is recommended. This needs te be done as root of course, and after, you will be able to install packages that have a valid gpg signature by simply double-clicking them from nautilus, the GNOME file manager (although I don't find that very intuitive). Using a dependency tool like apt or yum is much more practical. "
Copyed from www.freshrpms.net
copyrights reserved to www.freshrpms.net
GoodLuck Hope that works for you