Where is Cryptomator's public PGP key?

I can’t find a key with this fingerprint 58117AFA1F85B3EEC154677D615D449FE6E6A235 noted here:

I can find only the key fingerprint 5054 3A3D A4B1 DB81 DA3E 79CB 509C 9D63 34C8 0F11 which is also noted here a few months ago signed by release@cryptomator.org:

I searched Ubuntu, MIT, SKS, and GNUPG servers.

Also, can you link you public key in the download page (not just fpr)?

Not part of the dev team, but I found key 0x615D449FE6E6A235 here:

https://keyserver.ubuntu.com/

Some of the Ubuntu key servers don’t seem to have that key. Not sure how the key servers sync to replicate keys but perhaps that delay is somehow to blame.

EDIT: The key seems to be on pgp.mit.edu now too, according to my search. Note that I have prefixed the fingerprint with “0x” which is a requirement for some (all?) key server fingerprint searches. I also used the abbreviated form of the fingerprint but the full one will work as well if prefixed by 0x.

3 Likes

Thanks a lot!

Yeah, the signature is good with that key, which has the fingerprint noted in the cryptomator’s download page.

I searched yesterday carefully the servers I noted above and it didn’t show up.

Cryptomator has several active public keys.They could link the key with the rfingerprint on the download page on their own website.

Hello there,
I would like to confirm: has Cryptomator devs changed their PGP signature key?
Version 1.5.10 has been signed with a key 0x615D449FE6E6A235 (valid from 2020-08-18), but in my keyring I have a key with fingerprint 0x509C9D6334C80F11 (valid from 2016-06-24 to 2021-12-31) which was correct for previous versions of Cryptomator.
New key is not signed by the previous one.
I cannot find any other proof that new key should supersede that old one.

Beginning with Cryptomator 1.5.8, we’ve signed with 615D449FE6E6A235, which is also signed with old 509C9D6334C80F11.

@mmi What key server did you get that key from? Maybe you don’t see signatures made with revoked keys? (Note the difference between gpg --list-sig E6E6A235 and gpg --check-sigs E6E6A235).

© 2020 Skymatic GmbH • Privacy PolicyImpressum