Bug 478805

Summary: GPG key file of digikamdeveloper@gmail.com comes with bad signature
Product: [Applications] digikam Reporter: Fnx <td_safemail-linux>
Component: Bundle-AppImageAssignee: Digikam Developers <digikam-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: normal CC: caulier.gilles
Priority: NOR    
Version First Reported In: 8.2.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed/Implemented In: 8.4.0
Sentry Crash Report:

Description Fnx 2023-12-20 23:30:23 UTC 
SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***


STEPS TO REPRODUCE
1. Look and search for digikam gpg public key:
 gpg --fingerprint --search-keys D1CF2444A7858C5F2FB095B74A77747BC2386E50

Alternate
 gpg --import D1CF2444A7858C5F2FB095B74A77747BC2386E50.asc
 

OBSERVED RESULT
gpg --fingerprint --search-keys D1CF2444A7858C5F2FB095B74A77747BC2386E50
gpg: data source: https://keys.openpgp.org:443
(1)     digiKam.org (digiKam project) <digikamdeveloper@gmail.com>
          4096 bit RSA key 0x4A77747BC2386E50, created: 2018-08-28
Keys 1-1 of 1 for "D1CF2444A7858C5F2FB095B74A77747BC2386E50".  Enter number(s), N)ext, or Q)uit > 1
gpg: Note: signatures using the SHA1 algorithm are rejected
gpg: key 0x4A77747BC2386E50: 2 bad signatures
gpg: key 0x4A77747BC2386E50: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg:           w/o user IDs: 1


EXPECTED RESULT
gpg key added to the keyring

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: Kubuntu 22.04
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION
Comment 1 Fnx 2023-12-20 23:36:35 UTC 
Signature control of files cannot be performed:
$ gpg --verify digiKam-8.2.0-x86-64.appimage.sig 
gpg: assuming signed data in 'digiKam-8.2.0-x86-64.appimage'
gpg: Signature made mer. 29 nov. 2023 21:46:38 CET
gpg:                using RSA key D1CF2444A7858C5F2FB095B74A77747BC2386E50
gpg: Can't check signature: No public key
Comment 2 caulier.gilles 2024-04-12 00:14:46 UTC 
Not reproducible :

gilles@ku2310arm64:~/Public$ gpg --fingerprint --search-keys D1CF2444A7858C5F2FB095B74A77747BC2386E50
gpg: data source: https://keys.openpgp.org:443
(1)     digiKam.org (digiKam project) <digikamdeveloper@gmail.com>
          4096 bit RSA key 4A77747BC2386E50, created: 2018-08-28
Keys 1-1 of 1 for "D1CF2444A7858C5F2FB095B74A77747BC2386E50".  Enter number(s), N)ext, or Q)uit > 1
gpg: /home/gilles/.gnupg/trustdb.gpg: trustdb created
gpg: key 4A77747BC2386E50: public key "digiKam.org (digiKam project) <digikamdeveloper@gmail.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gilles@ku2310arm64:~/Public$ uname -a
Linux ku2310arm64 6.5.0-27-generic #28-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar  8 00:42:16 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
gilles@ku2310arm64:~/Public$ gpg --version
gpg (GnuPG) 2.2.40
libgcrypt 1.10.2
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/gilles/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
gilles@ku2310arm64:~/Public$