Setting up YUM
Based on information found here 
You need to install the CentOS RPM signing key. It is not installed as part of the base system install for security reasons. This provides you the opportunity to validate the key before installing it on your system.
RPM has the capacity to retrieve the key from a Centos Mirror:
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4