How do I verify the download for Linux?

Hi, I am trying to verify my download but despite having done this for other downloads I can’t seem to work out how to do it with the cryptomator .appimage and .asc

The download page gives me two files and a sig: (the software) (the PGP sig)

And sig as text: d1e88605f00b29987e6229d086a1148b9a679b5f50e7f4f4a1121e80db9ad44e

If I type this command in, I think it should provide me with a hash I can check?

gpg --verify cryptomator-1.5.5-x86_64.AppImage.asc cryptomator-1.5.5-x86_64.AppImage

It gives me

gpg: Signature made Wed 27 May 2020 12:18:24 BST using RSA key ID 34C80F11
gpg: Good signature from "Cryptobot (Release Manager) <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5054 3A3D A4B1 DB81 DA3E  79CB 509C 9D63 34C8 0F11

But where do I check this fingerprint to? The sig? It isn’t the same?

I am confused and would suggest maybe an explanation of how to check the authenticity is posted on the download page… ?

Yeah, we still have to update our website. In the meantime, see: