Just a suggestion - I do not know if this only makes it more complicated: PGP/gpg is about the web of trust. Would it be possible and make sense that the openSUSE package signing key signs(=trusts) the SUSE package signing key and then the SUSE key would automatically be imported as trusted on openSUSE?