Sigasi only uses one GPG key pair to sign SVH for Eclipse artifacts. However, the expiration date is bumped periodically. The public key is available at keys.openpgp.org with fingerprint 2E0E526654808BF3D1F4DA670E6BDA36841C1542 . Alternatively, you can import the key at the bottom of this page or run the following command.
gpg --auto-key-locate keyserver --keyserver https://keys.openpgp.org --locate-keys 2E0E526654808BF3D1F4DA670E6BDA36841C1542
Anyone can create a GPG key under any name and upload it to any keyserver. To ensure that the SVH for Eclipse artifacts you’ve acquired are really sourced from us, you can check whether the attached GPG signature matches the public key mentioned above.
All SVH for Eclipse artifacts since Sigasi Studio 5.1 can be verified using the key below. If you already trusted a previous Sigasi public key, you can also refresh the expiration date through the following command.
$ gpg --import <<HERE
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEY+JtjRYJKwYBBAHaRw8BAQdAmQdXYtcQRb7STx77KX/4VTRvqMKO0HTyLqV0
YpgNwKG0GVNpZ2FzaSA8YWRtaW5Ac2lnYXNpLmNvbT6ImQQTFgoAQQULCQgHAgIi
AgYVCgkICwIEFgIDAQIeBwIXgAIbARYhBC4OUmZUgIvz0fTaZw5r2jaEHBVCBQJn
rc9QBQkLUC/DAAoJEA5r2jaEHBVCbtQBALFW45aitgEjSeZ2GduMxu5fKOApBBhN
TyW0No5LcqdlAP4248iki5P5WSyagS4MXqhZXB0IV/01Un349IkYdUVCArg4BGPi
bY0SCisGAQQBl1UBBQEBB0CBIhGbqS4kqZxvTGNOzsBM74eJREdtxC5iYV7SSRrZ
dAMBCAeIfgQYFgoAJgIbDBYhBC4OUmZUgIvz0fTaZw5r2jaEHBVCBQJnrc9CBQkL
UC+1AAoJEA5r2jaEHBVCh9sBAN64HTozCjkflBONxQ9GpplS9r9CZ4yDGRgAY4Xc
Ui7aAP9q7vcxUHjTwFQx+vDw8zoxP+GHfUYe54z8O4z8+hbwCrgzBGPibsgWCSsG
AQQB2kcPAQEHQHJbIDcTn0ISRNjJ28B8Ne/H5aEDBQdMz9BqCsPyeZORiPUEGBYK
ACYCGwIWIQQuDlJmVICL89H02mcOa9o2hBwVQgUCZ63PRQUJC1AuegCBdiAEGRYK
AB0WIQShrwGxeNMVaQ/ezqRF9vdqO2piSwUCY+JuyAAKCRBF9vdqO2piSxOZAP9F
kNJPQGzkBbMRpQ5UP+kLnvj3cTsukGNfPeVFuwmJpwD9Hu8NE9gEYUf/wVOBJAz3
PxLyHREAaQxYBfv21C8YvAEJEA5r2jaEHBVCumAA/iQ/pDJQtdkoCxu3rKb2MRCj
VVTWX41dYkXVI7vr8ogCAQDWlMyhM8lSe3aWbxHa4x2N/fkt64sW3Qi022haad2u
CA==
=aueC
-----END PGP PUBLIC KEY BLOCK-----
HERE