m4_dnl -*-html-*- m4_include(`template.m4') m4_dnl $Id$ m4_define(`EN') m4_define(`DE_FILE', `package-integrity-de.html') PAGE_START

Check integrity of Gpg4win packages

How to actually perform the checks can be found e.g. on the GnuPG web page on integrity checks.

SHA1 checksums

SHA1_EXE  gpg4win-VERSION.exe
SHA1_EXL  gpg4win-light-VERSION.exe
SHA1_EXS  gpg4win-src-VERSION.exe
SHA1_SRC  gpg4win-VERSION.tar.bz2

MD5 checksums

Attention: Using of MD5 is insecure! Please use SHA1 only.

MD5_EXE  gpg4win-VERSION.exe
MD5_EXL  gpg4win-light-VERSION.exe
MD5_EXS  gpg4win-src-VERSION.exe
MD5_SRC  gpg4win-VERSION.tar.bz2

OpenPGP signatures

For gpg4win-VERSION.exe: http://ftp.gpg4win.org/gpg4win-VERSION.exe.sig
For gpg4win-light-VERSION.exe: http://ftp.gpg4win.org/gpg4win-light-VERSION.exe.sig
For gpg4win-src-VERSION.exe: http://ftp.gpg4win.org/gpg4win-src-VERSION.exe.sig
For gpg4win-VERSION.tar.bz2: http://ftp.gpg4win.org/gpg4win-VERSION.tar.bz2.sig

The signatures have been created with the OpenPGP certificate with the ID 1CE0C630 and can be retrieved from OpenPGP certificate servers.

Loading a certificate from a certificate server can be done e.g. via Kleopatra or GPA. Checking the the signature of a file is best done with GpgEX via the Explorer.

File lengths

If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get:

LEN_EXE bytes for gpg4win-VERSION.exe
LEN_EXL bytes for gpg4win-light-VERSION.exe
LEN_EXS bytes for gpg4win-src-VERSION.exe
LEN_SRC bytes for gpg4win-VERSION.tar.bz2