Is there a problem signing your files ?

Tiouz · May 13, 2023, 10:12am

Hello,

I downloaded on your site SyncTrayzorPortable-x64.zip and the SHA1 and SHA512 hashes are correct. But when I check the signature of the files sha1sum.txt.asc and sha512sum.txt.asc themselves with the public key D26E6ED000654A3E given on your site. I have the return that they were signed with another key: FE6ADC8AE112FA6A.

Is this normal since you talk about another older key on your site page ?

Thanks

gpg --verify sha1sum.txt.asc
gpg: Signature faite le sam. 07 août 2021 14:11:16 CEST
gpg:                avec la clef RSA FE6ADC8AE112FA6A
gpg:                issuer "antony.male@gmail.com"
gpg: Impossible de vérifier la signature : Pas de clef publique

calmh · May 13, 2023, 10:20am

SyncTrayzor is a separate project, signing will be by the author.

Tiouz · May 13, 2023, 10:45am

ok and where to find the author key. Do you know ? I searched but couldn’t find…

Nummer378 · May 13, 2023, 11:54am

It’s in the SyncTrayzor repository: SyncTrayzor/security at master · canton7/SyncTrayzor · GitHub

Tiouz · May 13, 2023, 12:32pm

Yes I saw. But impossible to download the key of the author by refusal of GPG because of a defect of identity of the key. (lack)

Unusable

PS: I sent him a mail to warn him

Tiouz · May 13, 2023, 2:10pm

Here is its key:

https://keyserver.ubuntu.com/pks/lookup?search=FE6ADC8AE112FA6A&fingerprint=on&op=index