{"id":1065,"date":"2022-12-04T16:55:41","date_gmt":"2022-12-04T16:55:41","guid":{"rendered":"https:\/\/3d-imaging.co.uk\/blog\/?p=1065"},"modified":"2022-12-05T14:24:45","modified_gmt":"2022-12-05T14:24:45","slug":"verifying-sig-files-with-gpgp4win","status":"publish","type":"post","link":"https:\/\/3d-imaging.co.uk\/blog\/verifying-sig-files-with-gpgp4win\/","title":{"rendered":"Verifying .sig files with GPGP4win"},"content":{"rendered":"

Follow the method below from the GnuPG Gpg4win website<\/a><\/p>\n

\n

OpenPGP signatures<\/h2>\n

If you upgrade your Gpg4Win version, you already have gnupg installed and you can verify the integrity of the downloaded file, by its OpenPGP signature. To do so, you have to download, next the file, the signature of the file. You’ll find the download-links on the Gpg4Win package integrity site. The ey, with which the files are signed, is also given on that page. You have to import the public key and now you can validate the signature of the file with the command<\/p>\n

gpg –verify gpg4win*.exe.sig gpg4win*.exe\n<\/p><\/blockquote>\n

Make sure that the non-default GPA component is installed when installing GPG4Win<\/a>
\n<\/p>\n

When running the command:
\ngpg --verify gpg4win*.exe.sig gpg4win*.exe<\/code><\/p>\n

You may get the error:
\n'gpg' is not recognized as an internal or external command,
\noperable program or batch file.<\/code>
\n<\/p>\n

This can be fixed by updating your PATH variable<\/p>\n

<\/p>\n

Adding the Folder with the Gpg4win Tools to the PATH Variable<\/h3>\n

This is one method to fix this (from stackoverflow.com<\/a>):<\/p>\n

when you receive this error message, \u201cgpg is not recognized as an internal or external command\u201d then you need to update your PATH variable.
\nTo do this without reboot:
\nOpen up a command prompt window
\nPaste this in:
\nSET PATH=%PATH%;C:\\Program Files (x86)\\GNU\\GnuPG
\nHit Enter<\/p><\/blockquote>\n

Another way is to:
\nType Environment into Windows Search then click on “Edit the system environment variables”
\n<\/p>\n

Click on “Environment Variables”:
\n<\/p>\n

Then Select the PATH variable at the top of the dialogue box.
\nClick Edit
\nAdd
\n;C:\\Program Files (x86)\\GNU\\GnuPG<\/code>
\nto the end of the existing text.
\nClick OK 3 times.
\nThen restart your machine and try
\ngpg --verify gpg4win*.exe.sig gpg4win*.exe<\/code>
\nagain.
\n<\/p>\n

Now after a restart trying again in the command window:
\ngpg --verify gpg4win*.exe.sig gpg4win*.exe<\/code>
\nnow gives
\nE:\\My-Valnondat\\Foss\\Verifying FOSS with signatures and hashes\\PGP4Win>gpg --verify gpg4win*.exe.sig gpg4win*.exe
\ngpg: Signature made 14\/10\/2022 17:24:16 GMT Summer Time
\ngpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
\ngpg: Can't check signature: No public key<\/code><\/p>\n

<\/p>\n

Search on keys.openpgp.org for the above found EEDSA key 6DAA6E64A76D2840571B4902528897B826403ADA and save the resulting public key:
\n<\/p>\n

Start Kleopatra and Import the downloaded public key 6DAA6E64A76D2840571B4902528897B826403ADA.asc
\n<\/p>\n

Alternatively Lookup on Server from within Kleopatra and Import:
\n<\/p>\n

Click yes:
\n<\/p>\n

Click yes to create an OpenPGP certificate for yourself.<\/p>\n

Add Name and email address
\n<\/p>\n

OpenPGP Certificate made:
\n<\/p>\n

Change Certification Trust by right clicking the imported certificate:
\n<\/p>\n

Change Trust Level to:
\nI believe checks are very accurate
\n<\/p>\n

<\/p>\n

Now trying again in the command window:
\nE:\\My-Valnondat\\Foss\\Verifying FOSS with signatures and hashes\\PGP4Win>gpg –verify gpg4win*.exe.sig gpg4win*.exe
\ngpg: Signature made 14\/10\/2022 17:24:16 GMT Summer Time
\ngpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
\ngpg: Good signature from “Werner Koch (dist signing 2020)” [unknown]
\ngpg: WARNING: This key is not certified with a trusted signature!
\ngpg: There is no indication that the signature belongs to the owner.
\nPrimary key fingerprint: 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA<\/p>\n

<\/p>\n

If you certify by right clicking:
\n<\/p>\n

<\/p>\n

<\/p>\n

Then the command window comes out like this:
\nE:\\My-Valnondat\\Foss\\Verifying FOSS with signatures and hashes\\PGP4Win>gpg --verify gpg4win*.exe.sig gpg4win*.exe
\ngpg: Signature made 14\/10\/2022 17:24:16 GMT Summer Time
\ngpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
\ngpg: Good signature from \"Werner Koch (dist signing 2020)\" [full]<\/code><\/p>\n

Useful video going through this method:
\n[wpdevart_youtube caption=”” align=”left”]Nkld7E9AOXI[\/wpdevart_youtube]<\/p>\n","protected":false},"excerpt":{"rendered":"

Follow the method below from the GnuPG Gpg4win website OpenPGP signatures If you upgrade your Gpg4Win version, you already have…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"__cvm_playback_settings":[],"__cvm_video_id":"","footnotes":""},"categories":[26],"tags":[],"yst_prominent_words":[],"class_list":{"0":"post-1065","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-verifying-foss-sofware"},"menu_order":0,"_links":{"self":[{"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=1065"}],"version-history":[{"count":0,"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1065\/revisions"}],"wp:attachment":[{"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=1065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=1065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=1065"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/3d-imaging.co.uk\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=1065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}