Since Sun 04 Apr 2004 all the SuSE 9.0 packages has been signed by a 2048 
GNUPG signature. To be able to verify the signature you should:

1) download the file 'pubgpg_rpm.asc' from this directory
2) Import the key in your rpm database

#rpm --import pubgpg_rpm.asc  

If you use 'apt' to install SuSE 9.x rpms, then you even have a very easy way to
import de key: Just install the rpmkey-suser-gbv rpm package using apt:

# apt-get install rpmkey-suser-gbv

This package contains the key and it will be imported to RPM database. This feature
is set for apt versions released after Aug-17-2004.
   
SuSE 8.0, SuSE 8.1 and SuSE 8.2 packages are signed by a prior dated 
28 Mar 2004 PGP signature due to some software incompatibilities. The public 
PGP key is in the file 'pubpgp.asc'.