I can’t find a key with this fingerprint 58117AFA1F85B3EEC154677D615D449FE6E6A235 noted here:
I can find only the key fingerprint 5054 3A3D A4B1 DB81 DA3E 79CB 509C 9D63 34C8 0F11 which is also noted here a few months ago signed by release@cryptomator.org:
I searched Ubuntu, MIT, SKS, and GNUPG servers.
Also, can you link you public key in the download page (not just fpr)?
Some of the Ubuntu key servers don’t seem to have that key. Not sure how the key servers sync to replicate keys but perhaps that delay is somehow to blame.
EDIT: The key seems to be on pgp.mit.edu now too, according to my search. Note that I have prefixed the fingerprint with “0x” which is a requirement for some (all?) key server fingerprint searches. I also used the abbreviated form of the fingerprint but the full one will work as well if prefixed by 0x.
Beginning with Cryptomator 1.5.8, we’ve signed with 615D449FE6E6A235, which is also signed with old 509C9D6334C80F11.
@mmi What key server did you get that key from? Maybe you don’t see signatures made with revoked keys? (Note the difference between gpg --list-sig E6E6A235 and gpg --check-sigs E6E6A235).