Check integrity of Gpg4win packages
How to actually perform the checks can be found e.g. on the GnuPG web page on integrity checks.SHA1 checksums
f26500890f2adb65992fcf3aaeb855e1fe444f55 gpg4win-2.0.1.exe 9468ed74245419f1197d42090a06a56859086657 gpg4win-light-2.0.1.exe 6513e46b90c0cf391bbc0531a7b1cc95a0b6daf8 gpg4win-src-2.0.1.exe 5d04f0aaed889dedd1fc4ce545f7b90d63bf6aff gpg4win-2.0.1.tar.bz2
MD5 checksums
Attention: Using of MD5 is insecure! Please use SHA1 only.17fbb670154a53cc1124937b443c92a9 gpg4win-2.0.1.exe a53b090a15783758823ee5aabd3a25d1 gpg4win-light-2.0.1.exe c2ae09227e93110ff355dc5b1e575e67 gpg4win-src-2.0.1.exe 5fd5ad986543d8f67489a0043d15ec69 gpg4win-2.0.1.tar.bz2
OpenPGP signatures
For gpg4win-2.0.1.exe: http://ftp.gpg4win.org/gpg4win-2.0.1.exe.sigFor gpg4win-light-2.0.1.exe: http://ftp.gpg4win.org/gpg4win-light-2.0.1.exe.sig
For gpg4win-src-2.0.1.exe: http://ftp.gpg4win.org/gpg4win-src-2.0.1.exe.sig
For gpg4win-2.0.1.tar.bz2: gpg4win-2.0.1.tar.bz2.sig which can be found here.
The signatures have been created with the OpenPGP certificate with the ID 1CE0C630 and can be retrieved from OpenPGP certificate servers.
Loading a certificate from a certificate server can be done e.g. via Kleopatra or GPA. Checking the the signature of a file is best done with GpgEX via the Explorer.
File lengths
If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get:36557658 bytes for gpg4win-2.0.1.exe 12337005 bytes for gpg4win-light-2.0.1.exe 289532343 bytes for gpg4win-src-2.0.1.exe 5246151 bytes for gpg4win-2.0.1.tar.bz2
