Gpg4win 3.0.0 Path Issue and Request to Add More Hash Sum Checkers

I installed Gpg4win 3.0.0 and checked the PATH after rebooting.

I use a freeware program called Rapid Environment Editor to view the PATH info.

This is what was added to the PATH:

C:\Program Files (x86)\Gpg4win..\GnuPG\bin

This appears to be invalid as far as I understand.

I manually added the lines below:

C:\Program Files (x86)\Gpg4win\bin
C:\Program Files (x86)\GnuPG\bin

When I did that, I was able to use a md5sum command in a command prompt windows like I did using version 2.x.

I downloaded sha224sum.exe / sha384sum.exe / sha512sum.exe from
another web site in the past, but it adds a “*” in front of the filename which
causes problems with some hash verify commands.

The md5sum.exe / sha1sum.exe / sha256sum.exe provided in C:\Program Files (x86)\Gpg4win do NOT display the “*” in front of the filename.

If possible I would appreciate having someone add sha224sum.exe / sha384sum.exe / sha512sum.exe to the three hashing programs already included. The sha512sum.exe one is being used more often, so that is
the most useful if it requires too much effort to do all three.

Thank You


Thank you for your Report!

The PATH variable C:\Program Files (x86)\Gpg4win..\GnuPG\bin is valid. If you paste this to your File Explorer you will be lead to the GnuPG directory.

You are correct, that the Gpg4win\bin folder is not in the PATH. I created a report[1] to add that folder as well to the path.

I also added a feature request[2], so you may don’t have to relay on other applications to create checksums.

Best wishes,

[1] -
[2] -


From the linked issues you can read, that it is unlikely to happen, that the path is going to be taken into the Environment Variables. But there are ways you can use your desired checksum generators:

gpg --print-mds FILES
gpg --print-md ALGO FILES

With that in place, there is no need to alter your path or to add other executables for checksum generation.

Best wishes,

The path variable is partially invalid. The way is it coded only adds the following folder to the path:

C:\Program Files (x86)\GnuPG\bin

It was supposed to add two folders to the system path::

C:\Program Files (x86)\Gpg4win\bin
C:\Program Files (x86)\GnuPG\bin

I use the md5sum / sha1sum /sha256sum commands which are found
in the folder C:\Program Files (x86)\Gpg4win\bin

I ran the following commands iake Command (fancy Command Prompt)

[D:\Arc\K\KeePassXC] path
PATH=C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn;C:\Program Files (x86)\Gpg4win..\GnuPG\bin

[D:\Arc\K\KeePassXC] sha256sum -c KeePassXC-2.2.1-Win64.exe.DIGEST
TCC: Unknown command “sha256sum”

[D:\Arc\K\KeePassXC] “C:\Program Files (x86)\GnuPG\pub”\sha256sum -c KeePassXC-2.2.1-Win64.exe.DIGEST
KeePassXC-2.2.1-Win64.exe: OK

I manually deleted a number of other paths that displayed from the PATH command in order to reduce the size. The remaining info I posted was at the end of the PATH and not changed.

The sha256sum command was not found in the path. I had to manually
add the folder info in order to have the command be found and executed.

If possible I would appreciate having the sha512sum command included
in the folder C:\Program Files (x86)\Gpg4win\bin.

This method of verification is documented in several programs I use.

Thank you.

I tried the two commands you showed me and learned something new.

gpg --print-mds FILES
gpg --print-md ALGO FILES

The command I found in the verification documentation for keepassxc and few others compares the supplied DIGEST file to the downloaded file and
prints “ok” if they match, so the user does not have to manually compare values.

sha256sum -c KeePassXC-2.2.1-Win64.exe.DIGEST

Does that path check work for Keopatra too?
I noticed Kleopatra now works with the 256 sum check, but veracrypt is offering sha512sums too.
And how are .digest files supposed to work? with the GpgEx>checksum or the GPGex>verify option?
I was so glad I finally began to understand how tor ename checksum files after 3 days work :cry:


I agree that we should add more checksum tools (our task for this is ) The tools should comply to the standard way to be called like “sha1sum -c” to verify. Which is something you can’t do with the gpg commands.

I’m against adding Gpg4win/bin to the PATH as it is generally considered bad form on windows to do so and the checksum tools are primarily there to be used from Kleopatra itself.

A tech savy user that wants to script checksum verification or use the command line can in my opinion either add Gpg4win/bin to the PATH by themselves or use the full path to the binary in a script.

Best Regards,