I can’t find a key with this fingerprint 58117AFA1F85B3EEC154677D615D449FE6E6A235 noted here:
I can find only the key fingerprint 5054 3A3D A4B1 DB81 DA3E 79CB 509C 9D63 34C8 0F11 which is also noted here a few months ago signed by release@cryptomator.org:
I searched Ubuntu, MIT, SKS, and GNUPG servers.
Also, can you link you public key in the download page (not just fpr)?
Not part of the dev team, but I found key 0x615D449FE6E6A235 here:
Some of the Ubuntu key servers don’t seem to have that key. Not sure how the key servers sync to replicate keys but perhaps that delay is somehow to blame.
EDIT: The key seems to be on pgp.mit.edu now too, according to my search. Note that I have prefixed the fingerprint with “0x” which is a requirement for some (all?) key server fingerprint searches. I also used the abbreviated form of the fingerprint but the full one will work as well if prefixed by 0x.
Thanks a lot!
Yeah, the signature is good with that key, which has the fingerprint noted in the cryptomator’s download page.
I searched yesterday carefully the servers I noted above and it didn’t show up.
Cryptomator has several active public keys.They could link the key with the rfingerprint on the download page on their own website.
Beginning with Cryptomator 1.5.8, we’ve signed with 615D449FE6E6A235, which is also signed with old 509C9D6334C80F11.
@mmi What key server did you get that key from? Maybe you don’t see signatures made with revoked keys? (Note the difference between gpg --list-sig E6E6A235 and gpg --check-sigs E6E6A235).
Can you upload the right key here too:
It’s a modern clean server. The email should be confirmed. You can delete old revoked keys to clean the noise.