Closed pico-prob closed 6 years ago
Heh. Interesting. However, no cause for alarm, check this out:
895F5BC123A02740 <--- you get this
23A02740 <--- key ID on the website
It's just that gpg version 2.x prints the long form by default. It seems that Fedora is STILL shipping with gpg 1.x per default, I was not aware of that! When calling gpg2
I get the same as you do (except that my gpg has "ultimate" trust for my key).
$ gpg2 --verify gocryptfs_v1.4.4_linux-static_amd64.tar.gz.asc
gpg: assuming signed data in 'gocryptfs_v1.4.4_linux-static_amd64.tar.gz'
gpg: Signature made Sun 18 Mar 2018 11:32:47 PM CET
gpg: using RSA key 895F5BC123A02740
gpg: Good signature from "Jakob Unterwurzacher (gocryptfs signing key) <jakobunt@gmail.com>" [ultimate]
I will update the website with the long form which is the new default, and more secure.
Haha.. I know this abbreviation from git commits. I just didn't take a close look at the ID. Sorry, my bad..
Best! m.
I have updated the page for gpg2: https://nuetzlich.net/gocryptfs/releases/#verify-binaries
Thanks for the report!
Hi,
I just checked the latest (1.4.4amd64) as explained here. This results in the following. As you can see the RSA key ID is different than announced at the respective webpage.
The issue might be caused by an outdated website? Or an incompetent user :) Everything else would be scary..
Best! Mathias