Checking Integrity of GPG4Windows

flapflap flapflap at riseup.net
Mon Sep 19 15:33:00 CEST 2016


Hi,

aguy whowrites:
> Not sure if this is the right place or if I will get a reply or if I will
> have to check the mailing list for replies but I'm going to give it a try.
> 
> I am trying to install GPG4Windows and want to check the integrity of GPG
> but am struggling to follow the instructions at the site:
> https://www.gnupg.org/download/integrity_check.html
> 
> I am trying to follow the instructions for not having an old version of GPG
> installed, however where do I enter the following code they suggest and how
> do I modify it for my GPG4Windows executable file? What program do I use?
> Keep in mind I don't have an old version of GPG installed.
> 
> sha1sum gnupg-2.0.30.tar.bz2

That is the command for Linux/Unix systems. If you are under Windows,
you'll use

  certutil -hashfile FileToHash.ext sha1

(via
https://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_hashfile)

In your case (gpg4win), your "FileToHash.ext" is most likely
"gpg4win-2.3.3.exe" (depends on the package you downloaded from
gpg4win.org).

1. launch "cmd.exe" (e.g. via start menu)
2. type the command

   certutil -hashfile gpg4win-2.3.3.exe sha1

3. press [enter] to start the command
4. compare the output with the "SHA1 checksum" for your file listed on
     https://www.gpg4win.org/package-integrity.html

Cheers,
~flapflap



More information about the Gnupg-users mailing list