Answer: Are SHA1 sums on checked regularly?

Peter Lebbing peter at
Fri Jul 26 20:26:27 CEST 2013

On 26/07/13 17:31, Jan wrote:
> I'm thinking of someone how uses windows and wants to install gnupg for the
> first time. How can he/she rely on OpenPGP?

By running a Linux Live CD to do the verification. How does he know the CD is
genuine? The thing is, somewhere the trust has to start. It's a bootstrapping

Also, how do you trust the OpenPGP signature is made by the correct key, etcetera.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list