Task
Resolution: Done
Clients expect signed schema 1 manifests to contain a signature with the key ID in the correct format. We currently pass the automatically generated key ID, which is just a hash of characters.
This causes errors in clients that try to pull signed schema 1 manifests generated by Quay, either when creating tags through the UI or during manifest conversions.
The expected format of the Key ID can be found here: https://docs.docker.com/registry/spec/auth/jwt/
How to reproduce:
- Have a running instance of Quay
- Use skopeo to push an image as a Docker V2 Schema 1 manifest:
    skopeo copy --dest-creds='user:pass' --dest-tls-verify=false --format=v2s1 docker://docker.io/library/nginx:latest docker://localhost:8080/quayadmin/nginx:latest
- In the Quay console, go to the image that has been pushed and add another tag
- Try to pull the image with the new tag:
    podman pull --tls-verify=false localhost:8080/quayadmin/nginx:new-tag
- The image pull will fail with the following error: "unmarshalling public key: JWK RSA Public Key ID does not match"
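
The key ID format described in the linked Docker spec (SHA-256 of the DER-encoded public key, truncated to 240 bits, base32-encoded in 12 colon-separated groups) can be derived and checked as below. This is an added example, not Quay's code; the function names and the sample key bytes are constructed for illustration, and the comparison in `kid_matches_key` is an assumption about what the "does not match" error in the report reflects.

```python
import base64
import hashlib
import re

# Key ID shape from the Docker registry JWT spec:
# 12 groups of 4 base32 characters, joined with ':'.
KID_RE = re.compile(r"^(?:[A-Z2-7]{4}:){11}[A-Z2-7]{4}$")


def libtrust_key_id(der_public_key: bytes) -> str:
    """Derive the kid from a DER-encoded public key.

    SHA-256 the DER bytes, keep the first 240 bits (30 bytes),
    base32-encode (48 characters, no padding), split into groups of 4.
    """
    digest = hashlib.sha256(der_public_key).digest()[:30]
    b32 = base64.b32encode(digest).decode("ascii")
    return ":".join(b32[i:i + 4] for i in range(0, len(b32), 4))


def kid_matches_key(kid: str, der_public_key: bytes) -> bool:
    """Check the format first, then recompute the kid and compare."""
    if not KID_RE.match(kid):
        return False
    return kid == libtrust_key_id(der_public_key)


# Constructed stand-in for a DER SubjectPublicKeyInfo blob (not a real key).
SAMPLE_DER = bytes.fromhex(
    "30820122300d06092a864886f70d01010105000382010f00"
) + bytes(range(256))

# Constructed example of an opaque, auto-generated style kid: a plain hex hash.
OPAQUE_KID = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    good = libtrust_key_id(SAMPLE_DER)
    print("derived kid:", good)
    print("derived kid accepted:", kid_matches_key(good, SAMPLE_DER))
    print("hex-hash kid accepted:", kid_matches_key(OPAQUE_KID, SAMPLE_DER))
```
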