= Check integrity of Gpg4win packages = You can check packages by their SHA1 Checksum, by OpenPGP Singature (if you already have GnuPG installed) or by the Code Signing Certficate. The Checksums and Information you need to verify your downloaded package files, are available on the [[https://www.gpg4win.org/package-integrity.html|Gpg4Win package integrity]] site. <> == SHA1 checksums == Once you downloaded the file from [[https://www.gpg4win.org/|Gpg4Win.org]], you can verify its SHA1 checksums. On machines that run Windows 8 or newer, you can recieve the desired output, by opening a command line, navigate to your Download-Folder and put in the line: {{{certutil -hashfile FileToHash.exe sha1}}} On Systems that run older operating systems, then Windows 8: Install a certain [[https://support.microsoft.com/en-us/kb/934576?spid=12925&sid=1569|Windows Patch]], wich delivers the functionality. Once you entered the operation, the command line will return an alphanumeric string, which yu can compare to the one on the [[https://www.gpg4win.org/package-integrity.html|Gpg4Win package integrity]] site. == OpenPGP signatures == If you upgrade your Gpg4Win version, you already have gnupg installed and you can verify the integrity of the downloaded file, by its OpenPGP signature. To do so, you have to download, next the file, the signature of the file. You'll find the download-links on the [[https://www.gpg4win.org/package-integrity.html|Gpg4Win package integrity]] site. The Key, with which the files are signed, is also given on that page. You have to import the key and now you can validate the signature of the file with the command {{{gpg --verify gpg4win*.exe.sig gpg4win*.exe}}} == File lengths == Navigate to the folder, where you downloaded the Gpg4Win packages to, and enter {{{dir}}} The command will list all files and their sizes in the directory. You can then compare those results with the sizes given on the [[https://www.gpg4win.org/package-integrity.html|Gpg4Win package integrity]] site. == Code Signing Certificate == All Gg4win installer files since April 2016 that can be downloaded via [[https://www.gpg4win.org/|Gpg4Win.org]] are code signed. The signature informations used to code sing the packages can be found on the [[https://www.gpg4win.org/package-integrity.html|Gpg4Win package integrity]] site. To verify the integrity, you open a command line, navigate to the folder and enter {{{SignTool verify gpg4win*.exe}}} == Troubleshooting == If you encounter any problems, please feel free to ask them at the forums or on the mailinglist. If you already figured out, how to fix your issue, please leave your answer here