= Check integrity of Gpg4win packages = How to actually perform the checks can be found e.g. on the [[https://www.gnupg.org/download/integrity_check.html|GnuPG web page on integrity checks]]. == SHA1 checksums == |{{{67e13c4f90ff6a70ad57bd31af64a238c9315308}}} | {{{gpg4win-2.3.3.exe}}} | |{{{71a3ed36a8af2ef14c7ac4d2d25fa2fef9eaa13b}}} | {{{gpg4win-light-2.3.3.exe}}} | |{{{a105cc82d60a315a14a4f69ea783a83baa434e55}}} | {{{gpg4win-vanilla-2.3.3.exe}}} | |{{{46349916d17854e90bc9fe311b280af359350236}}} | {{{gpg4win-src-2.3.3.exe}}} | |{{{5fa6d34206f3b08f1fdee58b03db1dc06c627388}}} | {{{gpg4win-2.3.3.tar.bz2}}} | == OpenPGP signatures == For {{{gpg4win-2.3.3.exe}}}: [[https://files.gpg4win.org/gpg4win-2.3.3.exe.sig]]\\ For {{{gpg4win-light-2.3.3.exe}}}: [[https://files.gpg4win.org/gpg4win-light-2.3.3.exe.sig]]\\ For {{{gpg4win-vanilla-2.3.3.exe}}}: [[https://files.gpg4win.org/gpg4win-vanilla-2.3.3.exe.sig]]\\ For {{{gpg4win-src-2.3.3.exe}}}: [[https://files.gpg4win.org/gpg4win-src-2.3.3.exe.sig]]\\ For {{{gpg4win-2.3.3.tar.bz2}}}: [[https://files.gpg4win.org/gpg4win-2.3.3.tar.bz2.sig]]\\ The signatures have been created with the following OpenPGP certificate\\ [[https://ssl.intevation.de/|Intevation File Distribution Key (Key ID: EC70B1B8)]] The certificate be retrieved from OpenPGP certificate servers. Loading a certificate from a certificate server can be done e.g. via Kleopatra or GPA. Checking the signature of a file is best done with GpgEX via the Explorer. == File lengths == If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get: | {{{25629112}}} | bytes for {{{gpg4win-2.3.3.exe}}} | | {{{8461096}}} | bytes for {{{gpg4win-light-2.3.3.exe}}} | | {{{3321976}}} | bytes for {{{gpg4win-vanilla-2.3.3.exe}}} | | {{{301613824}}} | bytes for {{{gpg4win-src-2.3.3.exe}}} | | {{{5913239}}} | bytes for {{{gpg4win-2.3.3.tar.bz2}}} | == Code Signing Certificate == All Gpg4win exe installer files since April 2016 are signed with the following code signing certificate: | S/N: | {{{1121A3D67EAB28AA86FD85728B57FA62630D}}} | | Issuer: | {{{CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE}}} | | Subject: | {{{1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465,CN=Intevation GmbH,O=Intevation GmbH,L=Osnabrueck,ST=Niedersachsen,C=DE}}} | | sha1_fpr: | {{{DE:16:D5:97:2F:0B:73:95:F7:D9:1E:DC:1F:21:9B:0F:FE:89:FA:B3}}} | | md5_fpr: | {{{C0:98:08:94:D4:E7:97:3E:9D:F4:18:E4:5E:0A:2E:D7}}} | | notBefore: | {{{2016-03-30 16:54:41}}} | | notAfter: | {{{2019-03-31 16:54:41}}} | ---- Previously used code signing certificates were: | S/N: | {{{112117F638BDC993B761C6073D63C2F86EC4}}} | | Issuer: | {{{CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE}}} | | Subject: | {{{1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465,CN=Intevation GmbH,O=Intevation GmbH,L=Osnabrueck,ST=Niedersachsen,C=DE}}} | | sha1_fpr: | {{{15:94:27:DA:C1:6E:68:A4:DD:47:EF:04:D2:17:C5:56:00:CF:A0:EC}}} | | md5_fpr: | {{{35:64:A0:D5:FC:6A:58:83:B8:C4:F7:1F:1C:F9:A6:9E}}} | | notBefore: | {{{2013-06-20 14:48:08}}} | | notAfter: | {{{2016-09-10 09:27:26}}} | and | S/N: | {{{0100000000012A60AF8A8F}}} | | Issuer: | {{{CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE}}} | | Subject: | {{{1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465,CN=Intevation GmbH,O=Intevation GmbH,C=DE}}} | | sha1_fpr: | {{{B4:71:26:90:F0:3A:69:1E:F0:75:3F:8D:11:C9:EA:C3:6D:FB:7C:92}}} | | md5_fpr: | {{{80:0E:E2:F9:6F:AC:F4:16:0F:B2:AB:65:CA:82:22:55}}} | | notBefore: | {{{2010-08-11 09:27:29}}} | | notAfter: | {{{2013-08-11 09:27:26}}} |