Checking Integrity of GPG4Windows

Mon Sep 19 16:37:03 CEST 2016

On 2016-09-19 at 05:36, aguy whowrites wrote:
> I am trying to follow the instructions for not having an old version of
> GPG installed, however where do I enter the following code they suggest
> and how do I modify it for my GPG4Windows executable file? What program
> do I use? Keep in mind I don't have an old version of GPG installed.

You need to use a checksum software for it. Usually it would be md5sum
or shaXsum, as the page you shared tells, but Windows does not have
those natively. You'll have to download a compiled binary of those
elsewhere.

Fortunately, there's a native tool for computing hash on Windows, but
you'll need to manually compare both hashes yourself or have a script do
that for you. By opening a CMD or Powershell console and entering:

   certutil -hashfile [PATH\TO\]FILE ALGORITHM

It will output the hash separated by spaces of the file using the
algorithm specified on the command (ex: MD5, SHA1, SHA256 and SHA512).

Also, Powershell has the Get-FileHash command which, by using the next
command, you can compare file hashes easily:

   if("HASH" -eq (Get-FileHash -Algorithm ALGO -path FILE) { echo "OK" }
else { echo "Hash mismatch"}

Where HASH is the hash you want to check, ALGO is the algorithm for the
hash you want to compute/check and FILE is the path to the file you want
to compute/check the has. If it says "OK" then you have the correct file.

If all this seems complicated you can also use third-party software
alternatives:

* [Easy] Install and use any GUI checksum software like HashTab or
HashCheck to name two. HashTab integrates to the explorer so by
right-clicking on a file, going to its properties and going to the File
Hashes tab it will show a list of hashes and you can compare the hash in
that same tab.

* [Moderate] Install Git for Windows which should install the *sum
software and you can just do the command on that page.

* [Moderate] Cygwin also have them when you install it but it may be
confusing to use as Cygwin's home is different that your user one and to
access a drive you must use cd /cygdrive/c/path/to/file (if it's on C,
else use the other letter). Other than that, it's similar to us Git for
Windows.

* [Advanced; Windows 10 Build 1511 or greater] Not a third party
software. Install Windows Subsystem for Linux (WSL) which should have
the *sum software. It requires you to know how to mount a system on
Unix, as WSL has no access to the files in C: or any other drives initially.

There are other alternatives but those are some I'd recommend.

At last, if you trust me I haven't modified these files, you can
download the portable checksum binaries from this folder. I wish I could
credit the one that built them but Google is giving me no results.

https://keybase.pub/starkythefox/checksum-software/

No need for installation, just download and use CMD or Powershell
console, go to the folder where you downloaded them with "cd
path\to\folder" and use the specific binary for the algorithm.

Feel free to ask anything if you still need help.

-- 
Juan Miguel Navarro Martínez

GPG Keyfingerprint:
5A91 90D4 CF27 9D52 D62A
BC58 88E2 947F 9BC6 B3CF

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160919/2a055988/attachment.sig>