Check integrity of Gpg4win packages
How to actually perform the checks can be found e.g. on the GnuPG web page on integrity checks.SHA1 checksums
4c9cb8f046eceb68e7912c004a7345365a151f69 gpg4win-2.0.4.exe db644790aa411f1744bb1d94e52311b8c6bf4a8e gpg4win-light-2.0.4.exe d45df4083d076c5907a5d3b2441d9068f403d213 gpg4win-src-2.0.4.exe 346cf3bbd91310c05df062e2ded3ce726b22fae6 gpg4win-2.0.4.tar.bz2
MD5 checksums
Attention: Using of MD5 is insecure! Please use SHA1 only.4446661096186aa92ccd8b2e25a5921b gpg4win-2.0.4.exe 1b71fe7b408d875a5eebeefee89a4317 gpg4win-light-2.0.4.exe 1e6e6fbbce6e3c35b8b72ffe1817bdff gpg4win-src-2.0.4.exe b41142bd185b1f2478ffc11939605a8c gpg4win-2.0.4.tar.bz2
OpenPGP signatures
For gpg4win-2.0.4.exe: http://ftp.gpg4win.org/gpg4win-2.0.4.exe.sigFor gpg4win-light-2.0.4.exe: http://ftp.gpg4win.org/gpg4win-light-2.0.4.exe.sig
For gpg4win-src-2.0.4.exe: http://ftp.gpg4win.org/gpg4win-src-2.0.4.exe.sig
For gpg4win-2.0.4.tar.bz2: http://ftp.gpg4win.org/gpg4win-2.0.4.tar.bz2.sig
The signatures have been created with the following OpenPGP certificate
Intevation File Distribution Key
The certificate be retrieved from OpenPGP certificate servers. Loading a certificate from a certificate server can be done e.g. via Kleopatra or GPA. Checking the the signature of a file is best done with GpgEX via the Explorer.
File lengths
If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get:35928792 bytes for gpg4win-2.0.4.exe 12406071 bytes for gpg4win-light-2.0.4.exe 265226807 bytes for gpg4win-src-2.0.4.exe 6901636 bytes for gpg4win-2.0.4.tar.bz2