English | Deutsch
Home »

Check integrity of Gpg4win packages

How to actually perform the checks can be found e.g. on the GnuPG web page on integrity checks.

SHA1 checksums

a94b292c8944576e06fe8c697d5bb94e365cae25  gpg4win-2.1.1.exe
7ae17695b4418c8d81652ae0db0f3957479fdff4  gpg4win-light-2.1.1.exe
98beddf13d924707316b1bfd2b73ea5f25e767b2  gpg4win-vanilla-2.1.1.exe
e30e6fb4da533ccffd9fe177f96bbec1a0ac58a9  gpg4win-src-2.1.1.exe
6409d5a51ca3152760892d463e814ad61480685a  gpg4win-2.1.1.tar.bz2

OpenPGP signatures

For gpg4win-2.1.1.exe: http://files.gpg4win.org/gpg4win-2.1.1.exe.sig
For gpg4win-light-2.1.1.exe: http://files.gpg4win.org/gpg4win-light-2.1.1.exe.sig
For gpg4win-vanilla-2.1.1.exe: http://files.gpg4win.org/gpg4win-vanilla-2.1.1.exe.sig
For gpg4win-src-2.1.1.exe: http://files.gpg4win.org/gpg4win-src-2.1.1.exe.sig
For gpg4win-2.1.1.tar.bz2: http://files.gpg4win.org/gpg4win-2.1.1.tar.bz2.sig

The signatures have been created with the following OpenPGP certificate
Intevation File Distribution Key (Key ID: EC70B1B8)

The certificate be retrieved from OpenPGP certificate servers. Loading a certificate from a certificate server can be done e.g. via Kleopatra or GPA. Checking the the signature of a file is best done with GpgEX via the Explorer.

File lengths

If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get:

35935152  bytes for gpg4win-2.1.1.exe
15474320  bytes for gpg4win-light-2.1.1.exe
5260312   bytes for gpg4win-vanilla-2.1.1.exe
323754224 bytes for gpg4win-src-2.1.1.exe
5902095   bytes for gpg4win-2.1.1.tar.bz2