Is there a problem signing your files ?


I downloaded on your site and the SHA1 and SHA512 hashes are correct. But when I check the signature of the files sha1sum.txt.asc and sha512sum.txt.asc themselves with the public key D26E6ED000654A3E given on your site. I have the return that they were signed with another key: FE6ADC8AE112FA6A.

Is this normal since you talk about another older key on your site page ?


gpg --verify sha1sum.txt.asc
gpg: Signature faite le sam. 07 août 2021 14:11:16 CEST
gpg:                avec la clef RSA FE6ADC8AE112FA6A
gpg:                issuer ""
gpg: Impossible de vérifier la signature : Pas de clef publique

SyncTrayzor is a separate project, signing will be by the author.

ok and where to find the author key. Do you know ? I searched but couldn’t find…

It’s in the SyncTrayzor repository: SyncTrayzor/security at master · canton7/SyncTrayzor · GitHub

Yes I saw. But impossible to download the key of the author by refusal of GPG because of a defect of identity of the key. (lack)


PS: I sent him a mail to warn him

Here is its key: