ecs-logging-java
Missing PGP Public Key
Describe the bug
I would like to ask you to provide the public PGP key to verify the signature of the jul-ecs-formatter-1.6.0.jar. I found a PGP public key on the hkps://keys.openpgp.org keyserver, but it did not contain a user ID with a verified email address and therefore was not imported into my system.
Steps to reproduce
$ curl -LOs "https://repo.maven.apache.org/maven2/co/elastic/logging/jul-ecs-formatter/1.6.0/jul-ecs-formatter-1.6.0.jar.asc"
$ gpg --verify jul-ecs-formatter-1.6.0.jar.asc
gpg: assuming signed data in 'jul-ecs-formatter-1.6.0.jar'
gpg: Signature made Po 19. února 2024, 14:21:37 CET
gpg: using RSA key 1B30324253E3599F1A9873C1DB69C945CDE13051
gpg: Can't check signature: No public key
$ gpg --list-packets jul-ecs-formatter-1.6.0.jar.asc
# off=0 ctb=89 tag=2 hlen=3 plen=307
:signature packet: algo 1, keyid DB69C945CDE13051
version 4, created 1708348897, md5len 0, sigclass 0x00
digest algo 10, begin of digest f2 8f
hashed subpkt 33 len 21 (issuer fpr v4 1B30324253E3599F1A9873C1DB69C945CDE13051)
hashed subpkt 2 len 4 (sig created 2024-02-19)
subpkt 16 len 8 (issuer key ID DB69C945CDE13051)
data: [2045 bits]
$ gpg --keyserver hkps://keys.openpgp.org --verbose --recv-keys DB69C945CDE13051
gpg: enabled compatibility flags:
gpg: data source: https://keys.openpgp.org:443
gpg: armor header: Comment: 1B30 3242 53E3 599F 1A98 73C1 DB69 C945 CDE1 3051
gpg: pub rsa2048/DB69C945CDE13051 2024-01-12
gpg: key DB69C945CDE13051: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
Hi, this is the same symptom as was reported in https://github.com/elastic/apm-agent-java/issues/3523, which is due to a change in the signing keys. Until recently all Elastic artifacts were signed with a single key which was widely available in most key servers.
This new public key, however, isn't yet available on all key servers.
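An added example, not part of the thread or the project's code: a small Python parser that reads the issuer fingerprint and creation time from a detached `.asc` signature, the same fields `gpg --list-packets` shows above, so the fingerprint can be compared with a pinned value before any key is fetched. `PINNED_FPR`, the function names and `sample_packet()` are assumptions made for illustration; the sample packet is constructed from the values in the report and carries a dummy MPI.

```python
import base64
import struct
# Assumption: fingerprint as gpg printed it in the report; pin the publisher-confirmed value.
PINNED_FPR = "1B30324253E3599F1A9873C1DB69C945CDE13051"

def dearmor(text):
    """Decode an ASCII-armored block to binary packets (optional CRC line skipped)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]            # drop armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                           # two-octet length form
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                               # five-octet length form
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        yield area[i] & 0x7F, area[i + 1:i + n]      # mask the critical bit
        i += n

def signature_issuer(packet):
    """Return (issuer fingerprint, creation time) from an old-format v4 signature packet."""
    ctb = packet[0]
    hlen = {0: 2, 1: 3, 2: 5}.get(ctb & 3)           # header size per length type
    if ctb & 0xC0 != 0x80 or (ctb >> 2) & 0x0F != 2 or hlen is None:
        raise ValueError("expected an old-format signature packet (tag 2)")
    body = packet[hlen:]
    if body[0] != 4:
        raise ValueError("only version 4 signatures are handled")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    found = dict(subpackets(body[6:6 + hashed_len]))  # hashed area: covered by the signature
    if 33 not in found or 2 not in found:
        raise ValueError("no hashed issuer fingerprint or creation time")
    return found[33][1:].hex().upper(), struct.unpack(">I", found[2])[0]

def sample_packet():
    """Constructed sample mirroring the --list-packets fields on this page; dummy MPI."""
    fpr = bytes.fromhex(PINNED_FPR)
    hashed = bytes([22, 33, 4]) + fpr + bytes([5, 2]) + struct.pack(">I", 1708348897)
    unhashed = bytes([9, 16]) + fpr[-8:]
    body = (bytes([4, 0, 1, 10]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\xf2\x8f\x00\x01\x01")
    return bytes([0x89]) + struct.pack(">H", len(body)) + body

if __name__ == "__main__":
    print(signature_issuer(sample_packet()))
```

For a real file, pass `dearmor(open("jul-ecs-formatter-1.6.0.jar.asc").read())` to `signature_issuer()`. A matching fingerprint only identifies which key to obtain; the signature still has to be verified with `gpg --verify` once that key is imported.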