Has Signal a new SHA-256 fingerprint? Because the fingerprint is different to what it was a month ago and also the fingerprint does not match.
I have downloaded the Signal-apk from the website again ( https://signal.org/android/apk/ ), because I update Signal manually and not through an appstore. The SHA-256 fingerprint on the website says
4B:E4:F6:CD:5B:E8:44:08:3E:90:02:79:DC:82:2A:F6
5A:54:7F:EC:C2:6A:BA:7F:F1:F5:20:3A:45:51:8C:D8
but when I run "apksigner verify -v --print-certs --min-sdk-version 24" in the terminal of my Ubuntu Linux, I get a different SHA-256:
apksigner verify -v --print-certs --min-sdk-version 24 Signal-Android-website-prod-universal-release-7.10.3.apk
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Signer #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
Signer #1 certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
Signer #1 certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
Signer #1 public key SHA-256 digest: 75336a3cc9edb64202cd77cd4caa6396a9b5fc3c78c58660313c7098ea248a55
Signer #1 public key SHA-1 digest: b46cbed18d6fbbe42045fdb93f5032c943d80266
Signer #1 public key MD5 digest: 0f9c33bbd45db0218c86ac378067538d
WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02
So any idea why the SHA-256 fingerprint does not match?