"The following packages have bad signatures:
/tmp/linux/enigma-1.03-3mdk.i586.rpm: Invalid signature ((SHA1) DSA sha1 md5 (GPG) (MISSING KEY) GPG#78d019f5 NOT OK)"

what the cause of this problem anyway? is it FCS/crc error? should i check the md5 first?

I believe that means that the signature for that package is not in the RPM database. I get similar messages when installing non-Mandrake RPM's sometimes, but I've never had a problem because of it. I think there's some way to import the signature, but I usually just ignore it.

Edit: Oops, that is a Mandrake RPM. Did you download it from elsewhere though? Then the above would still apply.