how to verify downloaded file

Todd Todd <>
Mon Jul 21 21:04:02 2003

Hash: SHA1 wrote:
> I've downloaded and installed gnupg for the sole purpose of verifying
> the integrity of a downloaded file.  My OS is Windows2000.
> This looked OK.  Then:
>   C:\My Download Files>gpg --verify stunnel-4.04.exe
>   gpg: no valid OpenPGP data found.
>   gpg: the signature could not be verified.
>   Please remember that the signature file (.sig or .asc)
>   should be the first file given on the command line.
> What must I do to verify the downloaded file?

You want to download the detached signature for the stunnel binary.  A quick
look at the stunnel site show it's here:

Download it to the same folder that the stunnel exe is in and run:

    gpg stunnel-4.04.exe.asc

That should do what you want.  You will probably get a message about good
signature from an untrusted key, unless you signed the key you imported in
the first step with a trusted key.  To understand all of this, you'll want
to read through the gpg help and FAQ probably.

- -- 
Todd              OpenPGP -> KeyID: 0xD654075A | URL:
Teach a man to make fire, and he will be warm for a day.
Set a man on fire, and he will be warm for the rest of his life.
    -- John A. Hrastar

Version: GnuPG v1.2.2 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.