Closed bwildenhain closed 1 year ago
Until the key on GitHub is updated, you can find the valid key here.
Hi! Weird, I've updated it a long time ago (I would not be able to use it for signing otherwise). I guess I've sent it to a wrong key server (Ubuntu's?), hence the confusion. I'll recheck.
Edit: It looks good here:
Looks good on my side:
~/w/gpg [1]$ podman run -it -v (pwd):/app --rm fedora
[root@1e61dadf6b45 /]# dnf install gpg
Fedora 38 - x86_64 7.2 MB/s | 83 MB 00:11
Fedora 38 openh264 (From Cisco) - x86_64 495 B/s | 2.5 kB 00:05
Fedora Modular 38 - x86_64 953 kB/s | 2.8 MB 00:02
Fedora 38 - x86_64 - Updates 8.3 MB/s | 12 MB 00:01
Fedora Modular 38 - x86_64 - Updates 173 B/s | 257 B 00:01
Package gnupg2-2.4.0-3.fc38.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@1e61dadf6b45 /]# gpg --recv-key d9bae35991de5b22
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key D9BAE35991DE5B22: public key "Szczepan Zalega <szczepan.zalega@gmail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
[root@1e61dadf6b45 /]# gpg --list-key
/root/.gnupg/pubring.kbx
------------------------
pub rsa4096 2016-01-11 [SC] [expires: 2024-01-17]
868184069239FF65DE0BCD7DD9BAE35991DE5B22
uid [ unknown] Szczepan Zalega <szczepan.zalega@gmail.com>
uid [ unknown] Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>
sub rsa4096 2016-01-11 [E] [expires: 2024-01-17]
What key server do you use?
I think this is about the key that you add to your GitHub profile.
Ok, looks like GH had a hiccup, and now after reupload (to GH) it does not show the key as expired. It was refreshing it automatically for the last 4 years before though.
Closing. @bwildenhain Please reopen if that's not fixed your case.
The last commits of this repository where done using @szszszsz GnuPG key which expired (see https://github.com/Nitrokey/pynitrokey/commits/master or "git verify-commit HEAD). Would it be possible to update this key to be able to verify the repos authenticity again?