gpg4win expired code signing cert; please renew.
Robert J. Hansen
rjh at sixdemonbag.org
Fri Oct 17 23:44:11 CEST 2025
> By the way, one doesn't need Microsoft's OS for checking the signature. Using
> Linux it's pretty simple to check the certificate that was used. First we
> extract the signature:
> ```
> $ osslsigncode extract-signature -pem -in gpg4win-5.0.0-beta369.exe \
> -out gpg4win-5.0.0-beta369.exe.pem
> PE checksum : 028F186B
> Succeeded
> ```
FWIW, although I'm grateful osslsigncode exists I often find it to be
unpleasant to use at the command line. Several months ago I wrote a
Python script to make it easier for me, and a couple of other people
have reported it makes their workflow easier.
https://github.com/rjhansen/signtool
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251017/e9286286/attachment.sig>
More information about the Gnupg-users
mailing list