signing key expired

Hello, i was trying to download ardor wallet but when i check the signing key, gpg says that the signing key is expired on 2022-03-04

$ gpg --show-key jelurida.gpg

pub   rsa4096 2017-03-05 [C] [expired: 2022-03-04]
uid                      Jelurida B.V. (Jelurida Software Releases Signing Key) <>
sub   rsa4096 2017-03-05 [S] [expired: 2022-03-04]
sub   rsa4096 2017-03-05 [E] [expired: 2022-03-04]
sub   rsa4096 2017-03-05 [A] [expired: 2022-03-04]

The fingerprint that i see is: BECFEA9B6B2B3BFFA0DBB3440CF9C7472D80B8B9 instead 73A64D7891CAFF5D1367638EC654D7FCFF18FD55

$ gpg -v --verify

gpg: Signature made Tue 18 May 2021 11:44:44 CEST
gpg:                using RSA key BECFEA9B6B2B3BFFA0DBB3440CF9C7472D80B8B9
gpg: Can't check signature: No public key

Can i trust this fingerprint?

1 Like

We re-uploaded the Jelurida public key to a few keyservers when extending its expiration date but apparently forgot to update it on our website, if this is where you got it from. It is updated now there too, thanks for letting us know. The BECFEA9B6B2B3BFFA0DBB3440CF9C7472D80B8B9 fingerprint is that of the signing subkey and 73A64D7891CAFF5D1367638EC654D7FCFF18FD55 is for the master key, it is common that GPG keys contain separate subkeys to be used for signing, encryption, or authentication.