rfjakob / gocryptfs-website

https://nuetzlich.net/gocryptfs
MIT License

Different RSA Key ID appeared when verifying binary download #6

Closed pico-prob closed 6 years ago

pico-prob commented 6 years ago

Hi,

I just checked the latest (1.4.4 amd64) as explained here. This results in the following. As you can see, the RSA key ID is different from the one announced on the respective webpage.

The issue might be caused by an outdated website? Or an incompetent user :) Everything else would be scary..

Best! Mathias

$ gpg --verify gocryptfs_v1.4.4_linux-static_amd64.tar.gz.asc
gpg: assuming signed data in 'gocryptfs_v1.4.4_linux-static_amd64.tar.gz'
gpg: Signature made So 18 Mär 2018 23:32:47 CET
gpg:                using RSA key 895F5BC123A02740
gpg: Good signature from "Jakob Unterwurzacher (gocryptfs signing key) <jakobunt@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: FFF3 E014 44FE D7C3 16A3  545A 895F 5BC1 23A0 2740

rfjakob commented 6 years ago

Heh. Interesting. However, no cause for alarm, check this out:

895F5BC123A02740 <--- you get this
        23A02740 <--- key ID on the website

It's just that gpg version 2.x prints the long form by default. It seems that Fedora is STILL shipping with gpg 1.x by default, I was not aware of that! When calling gpg2 I get the same as you do (except that my gpg has "ultimate" trust for my key).

$ gpg2 --verify gocryptfs_v1.4.4_linux-static_amd64.tar.gz.asc
gpg: assuming signed data in 'gocryptfs_v1.4.4_linux-static_amd64.tar.gz'
gpg: Signature made Sun 18 Mar 2018 11:32:47 PM CET
gpg:                using RSA key 895F5BC123A02740
gpg: Good signature from "Jakob Unterwurzacher (gocryptfs signing key) <jakobunt@gmail.com>" [ultimate]

rfjakob commented 6 years ago

I will update the website with the long form which is the new default, and more secure.
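
The short/long key ID relationship explained in the two comments above, as an added example that is not part of this issue or of the gocryptfs project: both IDs are suffixes of the key's fingerprint, so a verification script can accept either form while still insisting on the full fingerprint, since a 32-bit short ID is too small to rule out a look-alike key. The fingerprint constant is the one quoted in the gpg output above; the sample output is constructed from the same lines.

```python
import re

# Reference fingerprint, copied from the gpg output quoted in this issue
# (in practice, take it from the project's releases page, not from gpg).
WEBSITE_FINGERPRINT = "FFF3 E014 44FE D7C3 16A3 545A 895F 5BC1 23A0 2740"

# Constructed sample, assembled from the gpg2 lines quoted above.
SAMPLE_OUTPUT = """\
gpg: Signature made Sun 18 Mar 2018 11:32:47 PM CET
gpg:                using RSA key 895F5BC123A02740
gpg: Good signature from "Jakob Unterwurzacher (gocryptfs signing key) <jakobunt@gmail.com>" [unknown]
Primary key fingerprint: FFF3 E014 44FE D7C3 16A3  545A 895F 5BC1 23A0 2740
"""

def normalize(hexstr):
    """Remove whitespace and upper-case a fingerprint or key ID."""
    return re.sub(r"\s+", "", hexstr).upper()

def key_ids(fingerprint):
    """OpenPGP v4 key IDs are suffixes of the 160-bit fingerprint:
    the long ID is the last 16 hex digits, the short ID the last 8."""
    fp = normalize(fingerprint)
    return {"short": fp[-8:], "long": fp[-16:]}

def parse_verify_output(text):
    """Extract key ID, optional primary fingerprint and verdict from gpg --verify output.
    gpg 1.x prints 'using RSA key ID <short>', gpg 2.x 'using RSA key <long>'."""
    kid = re.search(r"using RSA key (?:ID )?([0-9A-Fa-f]{8,16})", text)
    fpr = re.search(r"Primary key fingerprint: ([0-9A-Fa-f ]+)", text)
    return {
        "key_id": normalize(kid.group(1)) if kid else None,
        "fingerprint": normalize(fpr.group(1)) if fpr else None,
        "good": "Good signature" in text and "BAD signature" not in text,
    }

def check_signature(text, website_fingerprint):
    """Return (ok, reason). Accepts gpg 1.x short and gpg 2.x long IDs, but
    never concludes from a short ID alone: the full fingerprint must match."""
    info = parse_verify_output(text)
    if not info["good"]:
        return False, "no good signature"
    expected = key_ids(website_fingerprint)
    if info["key_id"] not in (expected["short"], expected["long"]):
        return False, f"unexpected key ID {info['key_id']}"
    if info["fingerprint"] is not None:
        if info["fingerprint"] != normalize(website_fingerprint):
            return False, "fingerprint does not match the website"
        return True, "key ID and full fingerprint match the website"
    if info["key_id"] == expected["long"]:
        return True, "long key ID matches; confirm once with gpg --fingerprint"
    return False, "only a short key ID was printed; compare the full fingerprint"
```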

pico-prob commented 6 years ago

Haha.. I know this abbreviation from git commits. I just didn't take a close look at the ID. Sorry, my bad..

Best! m.

rfjakob commented 6 years ago

I have updated the page for gpg2: https://nuetzlich.net/gocryptfs/releases/#verify-binaries

Thanks for the report!