Could you help me with Gpg4win verification under Win7? I am noob.
Note, I will be translating communicates from my language to English by myself, not copy paste them exactly.
I’ve downloaded gpg4win-3.1.11.exe from wwwgpg4winorg to the folder, the path is:
Now I need to do 3 things:
1) check file length based on https://wiki.gnupg.org/Gpg4win/CheckIntegrity - it went without problems, no questions here
2) check signing certificate
I try to use Method A: UAC .
I click 2 times on the *.exe file. I see that publisher is ‘Intevation GmbH’ (is this proper one?)
Than I click on publisher name and than I go to 'display certificate’and ‘details’
and can find some information of ‘Code Signing Certificate’ (this text is from https://www.gpg4win.org/package-integrity.html) but I cannot find rest:
Issuer: CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE
CN=Intevation GmbH,O=Intevation GmbH,L=Osnabrueck,ST=Niedersachsen,C=DE
notBefore: 2019-03-13 12:15:07
notAfter: 2022-04-30 16:54:41
(I cannot find:
Where to find rest of information? Or I missed something?
Mayby I should not be able to find them using this method (what I am afraid most is that I cannot find them because there are different values in the certificate (so it is wrong), but mayby they are just missing)
Or information seen are enough to verify the file?
3) SHA checksums verifcation
I have some error here. I click on the folder c:\gpg\ with ‘shift’ and click ‘open cmd here’.
Note, that the only file in the folder is gpg4win-3.1.11.exe
Than, based on CheckIntegrity page, I enter:
certutil -hashfile gpg4win-3.1.11.exe sha256 (I’ve changed only version number of the file)
so it looks like:
C:\gpg\certutil -hashfile gpg4win-3.1.11.exe sha256
but I got information, that:
CertUtil: -hashfile command execution was not successfull: number
than I try the same with sha,changing sha256 to sha1 in command, but there is also error
but the communicate stays the same (please note I translated this by my own, if you have Win in English communicate may be slight different, also I only entered ‘number’ not true digits)
I think I should see sha256 number given on the website.
Than, if it would be right verification process would be finished (file length, certificate and sums would be checked) and no more action is required?