I started with using GPG4Win for veryfying the signed installers as recommended by a.o. Keepass and Veracrypt.
After some time I got it working, and now noticed that GPG4win should also be able to verify the checksums that come with the installers.
As using GUI-based verification (right-click-verify) could a lot of time in theory, I though I try out this nifty feature. However, for the first day, I could not get it to work, nor find any information on how to use it as most Googled tutorials explain how to use GPG4Win/Kleopatra for signature verification, not for hash verification.
It is not mentioned in your Documentation/compandium, and the Wiki entry is empty
I finally found a site that explained that the file should be named sha1sum.txt and on the format shasum space space filename, and from there on got it to work on a few keys.
I wrote a ’ tutorial’ for myself of what worked and did not work, and thought I’d share it here. Please tell me if what I found is correct or not. (And if it is correct, please use it to update your wiki. In my search for an answere I found more people struggling how to use it).
Tried on Win10 with WinGPG 2.3.2 and gpg4win-3.0.0-beta279
Of course, once I got here to post I found THIS tutorial, which rejects most of what I found, as it allows a PGP signature in a differently named sha file…
Use only on sha1sum.txt; right-click: More GpgEx Options> Verify checksum.
Do NOT use on file to be verified, it will give an error.
A checksum file contains the sha1 hash, followed by TWO spaces, followed by the filename, finishing with a RETURN and empty line
Creating a (new) Checksum WILL overwrite the current file WITHOUT asking.
The checksum file MUST be named ‘sha1sum.txt’
The file MAY contain multiple checksums/filenames
The filename MAY include the directory the file is in
The hash MUST be a sha1 hash (not SHA256, 512, md5 etc)
the hash MAY NOT contain spaces
MD5 : 79E4A9E6 DAEBEC2E 0319E650 08E7C2CD
SHA1 : B10B1397 97E2604E 6F14B35C 96A6B07C 658272D2
SHA256 : 5FB46A14 E19B47E3 54E3E7D3 6C9A8596
5D62A2D1 81AC746C FF33053A 521A77B1
Size64 : 00000000 002F52FD