#Signed app for updater issue

I have created a signed package for updater plugin. I have used the public key generated by the cargo generate and base64 decoded it looks like this

untrusted comment: minisign public key: C07B7C519EE6B39D
RWSds+aeUXx7wB8ImuRGBnmT9fCEUIjWueVz1YG/FVb7GN7oudAg1zq0

It is 56 chars and it fails on InvalidEncodig issue. I am looking into the updater and minisign code and it expects the public key to be 74 binary length, but my public key (provided by cargo tauri build command) has length just 42. How to fix it? Thanks

A code reference to minisign_verify https://github.com/jedisct1/rust-minisign-verify/blob/95d1db8d3140726b79e4260602e55c64e8e3052d/src/lib.rs#L122-L158

did you maybe simply copied the key incorrectly? i can't remember the command exactly but i remember someone here used a cli command to copy it and for some reason it cut off parts of it.

did you try regenerating it? == is it consistent?

I am trying all I can. I tried to generate keys with different minisign cli tool (not cargo signer generate) and it generates similar keys, but those are not validated as well. Either format or key length does not match or signature is not valid

My summary today is theat the cargo tauri signer generate generates invalid public key that is not accepter when validating signed package. If I use standalone minisign tool, I can generate proper keys, sign the package, but validation fails once tauri downloads the package. Tested on Mac and Windows. Not sure how to move forward now

which tauri-cli version are you using?

and did you install it with the --locked flag? Wondering if there's some inner dep update being weird.

on that note, does the npm tauri cli show the same behavior?

I am using cli version 2.5.0 and probably witout the --locked flag