Questions about GPG keys in Yast and RPM GPG Keys

Hello,
I have stumbled upon a GPG key issue with Google’s repositories (not the issue of this post).
In my attempt to go deeper this time, I wanted to be sure that I have only the absolutely necessary keys installed on my system.

Thus, I started with YaST.
In YaST, I have 12 keys installed.

However, RPM has much more keys:


rpm -qa | grep gpg-pubkey | uniq | wc -l 
33

It’s almost 3 times more!
I try to understand how YaST manages those GPG Keys. My enabled repositories are 11, so I cannot much either the 33 or the 12!

How are GPG Keys handled by YaST?

In addition to this, a second issue is the number of GPG keys I see in RPM.
There are a lot of keys that are installed multiple times. One example, that is really curious is the Suse signing key!


rpm -qi gpg-pubkey-307e3d54-5aaa90a5 | grep -e "Packager" | wc -l 
4

Why on earth is Suse’s packager sign key installed 4 times on my system?
And it’s not the only one…

It does not do what you expect it to do. Read uniq man page: “Filter adjacent matching lines”.

How are GPG Keys handled by YaST?

YaST is using keys from RPM.

There are a lot of keys that are installed multiple times.

Nothing prevents package to be installed several times (from RPM point of view) which likely explains the difference. As you show neither keys listed by YaST nor keys listed by RPM, we cannot help you in checking it for you.

It’s not about checking, I already did.
It’s how they are managed.

BTW, yes, | uniq | sort does exactly what I need.
At the second part of the question, I demonstrate what is the reason for the 33 gpg keys (multiple installations).

To summarize:
System had 33 rpm gpg keys installed.
From them, 12 where unique.
Yast reported 11.

At this point, I have cleaned up the gpg keys and I have only 10, exactly those that I need. But the question of of course is WHY where that difference?
I am suspecting a bug in libzyp, but I don’t have enough data to support it yet.