Gpg4win - Check Integrity (2024)

Check integrity of Gpg4win packages

Usually you can use Microsoft's own methods to check that the installer is signed by one of the current code signing certificates listed below.

Microsoft will normally display the code signature in a User Account Control dialog when you try to execute the downloaded file; alternatively, you can look at the file properties in Explorer.

Additional methods for checking integrity can be found on the Wiki page on integrity checks.

Code Signing Certificate

The Gpg4win exe installer is signed with the following code signing certificate (since 2022):

 S/N: 4F7382A39E57A34E167CF912
 Issuer: CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE
 Subject: 1.2.840.113549.1.9.1=#636F646540673130636F64652E636F6D,CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE
 sha2_fpr: DF:B5:9B:70:5C:47:9E:4E:FF:34:AD:BF:F9:B8:DC:AF:5F:74:D3:F6:58:91:F3:8C:D1:B1:0D:C8:D3:F1:42:20
 sha1_fpr: B2:85:2D:44:90:F6:55:EB:EA:DF:9F:FD:8D:09:2E:81:54:45:00:77
 certid: 6E9CA841CF00ABF4F8929210FF478C9CAB578518.4F7382A39E57A34E167CF912
 keygrip: A340DB2D0B82943E8AFD854C6366D5953014D583
 notBefore: 2022-04-08 08:26:24
 notAfter: 2025-07-02 12:12:13

Previously used code signing certificates were:

 S/N: 2F48FAE3C9E7B142B9A8B259
 Issuer: CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE
 Subject: 1.2.840.113549.1.9.1=#636F646540673130636F64652E636F6D,CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE
 sha2_fpr: B7:15:C7:C6:11:5A:99:A8:B1:C2:91:BE:68:90:BB:EE:AD:42:EE:2F:F6:17:78:E3:66:A0:1A:21:4E:FD:D8:00
 sha1_fpr: 87:94:97:61:BE:B0:7B:FD:0B:90:F3:76:1F:1D:3E:3F:CC:3C:4D:B3
 certid: 6E9CA841CF00ABF4F8929210FF478C9CAB578518.2F48FAE3C9E7B142B9A8B259
 keygrip: 353A5BE748A8622E4D121DB3340A4EC1D4058BE1
 notBefore: 2021-04-21 16:45:15 UTC
 notAfter: 2022-06-02 12:12:13 UTC

 S/N: 39E684F05C48911BAFB37629
 Issuer: CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE
 Subject: 1.2.840.113549.1.9.1=#636F646540673130636F64652E636F6D, CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE
 sha2_fpr: E0:4D:CD:E2:C9:EA:51:F3:34:63:CC:16:05:F2:9E:01:C2:84:F1:8F:ED:C8:E6:A6:42:05:EE:81:11:EF:BE:8C
 sha1_fpr: 42:DE:0F:25:84:8B:D2:E4:41:62:E1:BF:29:CD:97:0E:EB:70:F6:48
 md5_fpr: 89:A8:7B:01:99:1B:74:AD:75:86:20:C3:AF:36:9E:76
 notBefore: 2019-04-23 05:54:41 UTC
 notAfter: 2022-06-02 12:12:13 UTC

 S/N: 53F647D0F1DBA9E312A05669
 Issuer: CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE
 Subject: 1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465, CN=Intevation GmbH,O=Intevation GmbH,L=Osnabrueck,ST=Niedersachsen,C=DE
 sha1_fpr: C1:3A:65:96:3A:D5:3E:78:69:4D:D2:23:D5:18:00:77:91:A0:5F:E4
 md5_fpr: 4C:AD:36:5A:30:06:B0:A3:6D:BB:1E:30:1E:44:4E:17
 notBefore: 2019-03-13 12:15:07
 notAfter: 2022-04-30 16:54:41

 S/N: 1121A3D67EAB28AA86FD85728B57FA62630D
 Issuer: CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE
 Subject: 1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465, CN=Intevation GmbH,O=Intevation GmbH,L=Osnabrueck,ST=Niedersachsen,C=DE
 sha1_fpr: DE:16:D5:97:2F:0B:73:95:F7:D9:1E:DC:1F:21:9B:0F:FE:89:FA:B3
 md5_fpr: C0:98:08:94:D4:E7:97:3E:9D:F4:18:E4:5E:0A:2E:D7
 notBefore: 2016-03-30 16:54:41
 notAfter: 2019-03-31 16:54:41

 S/N: 112117F638BDC993B761C6073D63C2F86EC4
 Issuer: CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE
 Subject: 1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465, CN=Intevation GmbH,O=Intevation GmbH,L=Osnabrueck,ST=Niedersachsen,C=DE
 sha1_fpr: 15:94:27:DA:C1:6E:68:A4:DD:47:EF:04:D2:17:C5:56:00:CF:A0:EC
 md5_fpr: 35:64:A0:D5:FC:6A:58:83:B8:C4:F7:1F:1C:F9:A6:9E
 notBefore: 2013-06-20 14:48:08
 notAfter: 2016-09-10 09:27:26

 S/N: 0100000000012A60AF8A8F
 Issuer: CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE
 Subject: 1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465, CN=Intevation GmbH,O=Intevation GmbH,C=DE
 sha1_fpr: B4:71:26:90:F0:3A:69:1E:F0:75:3F:8D:11:C9:EA:C3:6D:FB:7C:92
 md5_fpr: 80:0E:E2:F9:6F:AC:F4:16:0F:B2:AB:65:CA:82:22:55
 notBefore: 2010-08-11 09:27:29
 notAfter: 2013-08-11 09:27:26

SHA256 checksums

2db44b086d860c51a4f45f43a739cd20fb0822189deb1c1cf13e4b5a3b05bc3b gpg4win-4.3.1.exe
bbb95cd1cbacd644c90eea8e95949c53a6ac61de4ec05cd214ab8c0b0ecc80ba gpg4win-4.3.1.tar.bz2

SHA1 checksums

7c5fa919c2eb90194e844de027a36e87c7be8a80 gpg4win-4.3.1.exe
9d35f29e5b6d96b83b0b44a35b0ae8f5ff747b5f gpg4win-4.3.1.tar.bz2

OpenPGP signatures

For gpg4win-4.3.1.exe: https://files.gpg4win.org/gpg4win-4.3.1.exe.sig
For gpg4win-4.3.1.tar.bz2: https://files.gpg4win.org/gpg4win-4.3.1.tar.bz2.sig

Since 2021 the signatures are created by one of the official GnuPG release keys (aka certificates); they can be obtained from the GnuPG Homepage or downloaded from public keyservers.

Previous public key (used up to 2021):
Intevation File Distribution Key
(Fingerprint: 13E3 CE81 AFEA 6F68 3E46 6E0D 42D8 7608 2688 DA1A)

Previous public key (used up to 2016):
Intevation File Distribution Key
(Fingerprint: 61AC 3F5E E4BE 593C 13D6 8B1E 7CBD 620B EC70 B1B8)

Checking the signature is best done via the File Explorer: Right click on the file and use GpgEX options -> verify.

File lengths

If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get:

35521800 bytes for gpg4win-4.3.1.exe
230473972 bytes for gpg4win-4.3.1.tar.bz2
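
As an added example (not part of the original Gpg4win page), the PowerShell script below runs the checks described above in order: file length, SHA256 checksum, then the Authenticode signer compared against the sha1_fpr of the current code signing certificate. The default download path is an assumption; the expected values are copied from this page.

```powershell
# Added example: check length, SHA-256 and Authenticode signer of a Gpg4win download.
# Expected values are copied from this page; $Path is an assumed download location.
param([string]$Path = "$env:USERPROFILE\Downloads\gpg4win-4.3.1.exe")

$expectedLength = 35521800
$expectedSha256 = '2db44b086d860c51a4f45f43a739cd20fb0822189deb1c1cf13e4b5a3b05bc3b'
# sha1_fpr of the current certificate with the colons removed.
# Windows exposes the same SHA-1 value as the certificate "thumbprint".
$expectedThumbprint = 'B2:85:2D:44:90:F6:55:EB:EA:DF:9F:FD:8D:09:2E:81:54:45:00:77' -replace ':', ''

$failures = @()

# 1. Length first: a wrong length points to an incomplete download.
$length = (Get-Item -LiteralPath $Path).Length
if ($length -ne $expectedLength) {
    $failures += "length is $length bytes, expected $expectedLength (incomplete download?)"
}

# 2. SHA-256 of the file contents. String comparison with -ne is case-insensitive.
$sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
if ($sha256 -ne $expectedSha256) {
    $failures += "SHA256 is $sha256, expected $expectedSha256"
}

# 3. Authenticode: the signature must validate AND the signer must be the listed certificate.
#    A valid signature from some other publisher is still a failure here.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
if ($sig.Status -ne 'Valid') {
    $failures += "Authenticode status is $($sig.Status): $($sig.StatusMessage)"
}
elseif ($sig.SignerCertificate.Thumbprint -ne $expectedThumbprint) {
    $failures += "signed by unexpected certificate $($sig.SignerCertificate.Thumbprint) ($($sig.SignerCertificate.Subject))"
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "OK: $Path matches the published length, SHA256 and signing certificate."
```

The expected values should be taken from the official Gpg4win page itself, not from the place the installer was downloaded from.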

FAQs

How do I verify file integrity in GPG?

Since 2021 the signatures are created by one of the official GnuPG release keys (aka certificates); they can be obtained from the GnuPG Homepage or downloaded from public keyservers. Checking the signature is best done via the File Explorer: Right click on the file and use GpgEX options -> verify.

How to verify gpg signature windows?

Verify the signature.
  1. Type the following command into a command-line interface:
     gpg --verify [signature-file] [file]
  2. E.g., if you have acquired
     (1) the Public Key 0x416F061063FEE659,
     (2) the Tor Browser Bundle file (tor-browser.tar.gz), and

What is the use of GPG4Win?

You can use Gpg4win for signing and encrypting not just e-mails, but also individual files. The principle is the same: You sign a file using your private certificate, to ensure that the file cannot be modified without the change being detected. Then encrypt the file using a public certificate, to prevent unauthorized persons from seeing it.

What is GpgEX?

The GPG4Win package for Windows contains a small utility program called GpgEX, which facilitates file management using GnuPG considerably. By using the program you can encrypt, sign, decrypt, check signatures and calculate checksums for files. Quick help.

How do I check integrity files?

Navigate to Computer Configuration ➔ Windows Settings ➔ Security Settings ➔ Advanced Audit Policy Configuration ➔ Object Access. The Object Access node lists all of its sub-policies in the right panel, as shown in the figure below. Select Audit File System and enable auditing for Success events.

How is file integrity verified?

Integrity verification

Hash-based verification ensures that a file has not been corrupted by comparing the file's hash value to a previously calculated value. If these values match, the file is presumed to be unmodified.

What is GPG verification?

If you sign a file using your personal secret key, anyone can verify that this file has not been modified (i.e. the hash matches the one in your signature) via your public key. GPG signatures are widely used by Linux package managers such as apt to verify the integrity of downloaded files.

How do I verify my signature on PKI?

To verify the authenticity of the digital signature, the recipient uses the signer's public key, which is accessible to everyone. The recipient decrypts the digital signature using the public key and compares the resulting hash value with a newly generated hash value from the received digital data.

How do I verify my GPG suite?

Verify signature of any file
  1. download file.
  2. and corresponding gpg signature file.
  3. import public key, matching the secret key used to generate the signature of the file you are looking to verify, into GPG Keychain.

How much does Gpg4win cost?

Gpg4win is Free Software and consists of several independently developed packages, available under different license conditions. Most of these packages however are available under the GNU General Public License (GNU GPL).

What is the difference between GnuPG and Gpg4win?

Gpg4win is the official GnuPG distribution for Windows and provides the high cryptographic standards of the GNU Privacy Guard. GnuPG follows the recommendations regarding algorithms and key length of the German Federal Office for Information Security (BSI).

Is Gpg4win free?

Gpg4win is Free Software. Join the community!

How does eCryptfs work?

eCryptfs stores cryptographic metadata in the header of each file, so that encrypted files can be copied between hosts; the file will be decrypted with the proper key in the Linux kernel keyring. There is no need to keep track of any additional information aside from what is already in the encrypted file itself.

How can you be sure the integrity of the file is correct?

Steps to check and verify file integrity
  1. Based on a comparison of file names, do all the expected files show up?
  2. Do the files have the same checksum?
  3. Is the metadata identical? Or does it differ only where required, like accommodating differences in repositories?

How to check file integrity using MD5?

Open a terminal window. Type the following command: md5sum [type file name with extension here] [path of the file] -- NOTE: You can also drag the file to the terminal window instead of typing the full path. Hit the Enter key. You'll see the MD5 sum of the file.

Which command can be used to check file integrity?

Use the fsck command to check and interactively repair inconsistent file systems.

How is data integrity verified?

Verification is achieved by calculating and comparing the hash value of files on both source and destination and assures that the backup file is intact and is not corrupted during the transfer.


Author: Terrell Hackett
