gocryptfs Releases
gocryptfs is released as
- source code using signed git tags, please git clone https://github.com/rfjakob/gocryptfs.git
- precompiled binaries with .asc gpg signatures, download at github
Signing Key
Binary and source releases are signed using the gocryptfs signing key, key ID
895F5BC123A02740 (gpg 1.x users only see the second half: 23A02740).
The public key can be downloaded here. To verify signatures, you have to import it into gpg:
$ wget https://nuetzlich.net/gocryptfs-signing-key.pub
$ gpg --import gocryptfs-signing-key.pub
Verify Git Tags
Just call git tag with the -v flag, for example:
$ git tag -v v2.6.1
object 25e85a4454e93643ad92397d01ed532a360d7ee2
type commit
tag v2.6.1
tagger Jakob Unterwurzacher <jakobunt@gmail.com> 1754852675 +0200
gocryptfs v2.6.1
gpg: Signature made Sun Aug 10 21:04:41 2025 CEST
gpg: using RSA key FFF3E01444FED7C316A3545A895F5BC123A02740
gpg: Good signature from "Jakob Unterwurzacher (gocryptfs signing key) <jakobunt@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FFF3 E014 44FE D7C3 16A3 545A 895F 5BC1 23A0 2740
Verify Binaries
Download both the .tar.gz and the .asc file, then run gpg --verify gocryptfs_XYZ.asc,
for example:
$ gpg --verify gocryptfs_v1.4.4_linux-static_amd64.tar.gz.asc
gpg: assuming signed data in 'gocryptfs_v1.4.4_linux-static_amd64.tar.gz'
gpg: Signature made Sun Mar 18 23:32:47 2018 CET
gpg: using RSA key 895F5BC123A02740
gpg: Good signature from "Jakob Unterwurzacher (gocryptfs signing key) <jakobunt@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FFF3 E014 44FE D7C3 16A3 545A 895F 5BC1 23A0 2740
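The WARNING in the output above means gpg has no trust path to the key, so "Good signature" alone does not show who signed; the check that matters is that the primary key fingerprint matches the one shown on this page. The following is an added example, not part of the gocryptfs project, that automates that comparison by parsing gpg's machine-readable --status-fd output. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; not from the gocryptfs project.
# Fingerprint as printed in the gpg output on this page.
EXPECTED_FPR="FFF3E01444FED7C316A3545A895F5BC123A02740"

# check_status: read `gpg --status-fd` lines on stdin. Succeed only if a
# VALIDSIG line names the expected primary key and no failure status appears.
# VALIDSIG fields: $3 = signing key fingerprint, $12 = primary key fingerprint.
check_status() {
    awk -v want="$EXPECTED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1; else bad = 1
        }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_release SIGFILE DATAFILE (hypothetical helper name)
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status
}

# Constructed sample of status output for a good signature (timestamps made up).
sample_good() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 895F5BC123A02740 Jakob Unterwurzacher (gocryptfs signing key) <jakobunt@gmail.com>
[GNUPG:] VALIDSIG FFF3E01444FED7C316A3545A895F5BC123A02740 2025-08-10 1754852681 0 4 0 1 10 00 FFF3E01444FED7C316A3545A895F5BC123A02740
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

if sample_good | check_status; then
    echo "sample: signature valid and made by the expected key"
fi
```

After importing the key, call verify_release with the .asc file and the .tar.gz file; a non-zero exit status means the signature is missing, bad, or made by a different key.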