Navigation

Home
About Gpg4win
Download
Documentation
Community (Contact)
 - Getting involved
 - Reporting problems
 - Development Site
Professional Support
Links
Impressum

Sponsorship

Allowed to publish your sponsorship?
Yes No

Miscellaneous

Short Study: "Sustainable Free Software: From project to permanent activity, using the example Gpg4win

Check integrity of Gpg4win packages

How to actually perform the checks can be found e.g. on the GnuPG web page on integrity checks.

SHA1 checksums

f26500890f2adb65992fcf3aaeb855e1fe444f55  gpg4win-2.0.1.exe
9468ed74245419f1197d42090a06a56859086657  gpg4win-light-2.0.1.exe
6513e46b90c0cf391bbc0531a7b1cc95a0b6daf8  gpg4win-src-2.0.1.exe
5d04f0aaed889dedd1fc4ce545f7b90d63bf6aff  gpg4win-2.0.1.tar.bz2

MD5 checksums

Attention: Using of MD5 is insecure! Please use SHA1 only. 
17fbb670154a53cc1124937b443c92a9  gpg4win-2.0.1.exe
a53b090a15783758823ee5aabd3a25d1  gpg4win-light-2.0.1.exe
c2ae09227e93110ff355dc5b1e575e67  gpg4win-src-2.0.1.exe
5fd5ad986543d8f67489a0043d15ec69  gpg4win-2.0.1.tar.bz2

OpenPGP signatures

For gpg4win-2.0.1.exe: http://ftp.gpg4win.org/gpg4win-2.0.1.exe.sig
For gpg4win-light-2.0.1.exe: http://ftp.gpg4win.org/gpg4win-light-2.0.1.exe.sig
For gpg4win-src-2.0.1.exe: http://ftp.gpg4win.org/gpg4win-src-2.0.1.exe.sig
For gpg4win-2.0.1.tar.bz2: gpg4win-2.0.1.tar.bz2.sig which can be found here.

The signatures have been created with the OpenPGP certificate with the ID 1CE0C630 and can be retrieved from OpenPGP certificate servers.

Loading a certificate from a certificate server can be done e.g. via Kleopatra or GPA. Checking the the signature of a file is best done with GpgEX via the Explorer.

File lengths

If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get: 
36557658 bytes for gpg4win-2.0.1.exe
12337005 bytes for gpg4win-light-2.0.1.exe
289532343 bytes for gpg4win-src-2.0.1.exe
5246151 bytes for gpg4win-2.0.1.tar.bz2