Gpg4win verification questions


Could you help me with Gpg4win verification under Win7? I am noob.
Note, I will be translating communicates from my language to English by myself, not copy paste them exactly.

I’ve downloaded gpg4win-3.1.11.exe from wwwgpg4winorg to the folder, the path is:

Now I need to do 3 things:

1) check file length based on - it went without problems, no questions here

2) check signing certificate

I try to use Method A: UAC .
I click 2 times on the *.exe file. I see that publisher is ‘Intevation GmbH’ (is this proper one?)

Than I click on publisher name and than I go to 'display certificate’and ‘details’
and can find some information of ‘Code Signing Certificate’ (this text is from but I cannot find rest:

 S/N: 53F647D0F1DBA9E312A05669

Issuer: CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE
Subject: 1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465,
CN=Intevation GmbH,O=Intevation GmbH,L=Osnabrueck,ST=Niedersachsen,C=DE
md5_fpr: 4C:AD:36:5A:30:06:B0:A3:6D:BB:1E:30:1E:44:4E:17
notBefore: 2019-03-13 12:15:07
notAfter: 2022-04-30 16:54:41

(I cannot find:
Subject: 1.2.840.113549.1.9.1=#636F64657369676E696E6740696E7465766174696F6E2E6465
md5_fpr: 4C:AD:36:5A:30:06:B0:A3:6D:BB:1E:30:1E:44:4E:17)

Where to find rest of information? Or I missed something?
Mayby I should not be able to find them using this method (what I am afraid most is that I cannot find them because there are different values in the certificate (so it is wrong), but mayby they are just missing)
Or information seen are enough to verify the file?

3) SHA checksums verifcation

I have some error here. I click on the folder c:\gpg\ with ‘shift’ and click ‘open cmd here’.
Note, that the only file in the folder is gpg4win-3.1.11.exe
Than, based on CheckIntegrity page, I enter:
certutil -hashfile gpg4win-3.1.11.exe sha256 (I’ve changed only version number of the file)

so it looks like:

C:\gpg\certutil -hashfile gpg4win-3.1.11.exe sha256

but I got information, that:

CertUtil: -hashfile command execution was not successfull: number
CertUtil WsResetMetadata

than I try the same with sha,changing sha256 to sha1 in command, but there is also error

but the communicate stays the same (please note I translated this by my own, if you have Win in English communicate may be slight different, also I only entered ‘number’ not true digits)

I think I should see sha256 number given on the website.
Than, if it would be right verification process would be finished (file length, certificate and sums would be checked) and no more action is required?

If you want to send encrypted emails to somebody, there are easier ways to do it.

Use an email provider like Tutanota or Protonmail and use a PGP key that you have created to sign messages.


Try following this guide for GPG4Win

Thank you, but for now I need this program to verify downloads (like Linux distros) from the internet.

However, what I need first if to verify if gpg4win.exe I downloaded is correct file.
I tried to verify it as per instructions given on site (, but I was blocked by problems described in my post.