2.10 wont install, different signature.

Question

2.10 wont install, different signature.

Closed this issue a year ago · 8 comments

Kreuger commented a year ago

Hey all. Cant install the latest update because the signature doesnt match.

Answer 1 · 2023-04-02T13:15:53.000Z

Hello. From which source are you trying to install it? It was the same key that used to sign previous build.

Answer 2 · 2023-04-02T14:31:19.000Z

From Fdroid and directly off here. As you can see below.

Answer 3 · 2023-04-02T18:35:58.000Z

Just dumped signatures and certificate digests for both versions.
Here are the results:

v52 - 2.10.0
Signer #1 certificate DN: CN=Alex Amiryan, OU=Dev, O=Stingle
Signer #1 certificate SHA-256 digest: ad29416ff8ae9dd1ec50b834cce0bf2e89663ff99c35783877de4224afbffc92
Signer #1 certificate SHA-1 digest: 074e7d5a9caad97e2aa730f8c571ef0b719d6524
Signer #1 certificate MD5 digest: 7b602194e964fb484b8040d618361151
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: ec7f6576b119fc89684052bfcfc742cd192135dcbccebd8bb5a25b1bf32030f6
Signer #1 public key SHA-1 digest: febd5d124f2ee0f63ce166858b46e7e6bdac7c5e
Signer #1 public key MD5 digest: 883f37d747ff14591ee7dd7dbbcfe0d1

v51 - 2.9.0
Signer #1 certificate DN: CN=Alex Amiryan, OU=Dev, O=Stingle
Signer #1 certificate SHA-256 digest: ad29416ff8ae9dd1ec50b834cce0bf2e89663ff99c35783877de4224afbffc92
Signer #1 certificate SHA-1 digest: 074e7d5a9caad97e2aa730f8c571ef0b719d6524
Signer #1 certificate MD5 digest: 7b602194e964fb484b8040d618361151
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: ec7f6576b119fc89684052bfcfc742cd192135dcbccebd8bb5a25b1bf32030f6
Signer #1 public key SHA-1 digest: febd5d124f2ee0f63ce166858b46e7e6bdac7c5e
Signer #1 public key MD5 digest: 883f37d747ff14591ee7dd7dbbcfe0d1

As you can see they are the same.
F-Droid and Play Store haven't rolled out updates yet. From where have you downloaded the APK file? Be careful it maybe modified!

Answer 4 · 2023-04-02T19:40:57.000Z

I use Obtainium to grab it directly from here, if not from FDroid.

Edit: Here is the signature for one currently installed.

So maybe the issue is that 2.9 is signed by fdroid. And the ones here om github are signed by you and I will have to wait for fdroid to get the update.

Answer 5 · 2023-04-02T19:46:45.000Z

Yes, exactly. F-Droid builds app from sources and signs it with their key. What I post here with the release is signed by me 😀

Answer 6 · 2023-04-03T01:49:57.000Z

So just as a follow up, how can I remove that old one without losing my data?

Answer 7 · 2023-04-03T02:28:24.000Z

If everything is backed up, you can delete the app reinstall it. If not, then you will loose data. In any case I would suggest to wait for the F-Droid update.

Answer 8 · 2023-04-03T22:42:15.000Z

Will do. Thanks.