GPGEX

Hi,

Just tried to verify a download by following that instruction:

Okay, now that we have both the signature file and the PGP public key, let us now verify our
download. First thing you need to do is navigate to the PGP public key file, called Intervation-
Distribution-Key.asc, right click it and go to More GpgEX Options and down to Import
Keys. This will import the PGP public key into your key ring, and now you can verify the file with
the signature.
Right click your actual file you want to verify, in this case gpg4win-2.2.1.exe and go to More
GpgEX Options and down to Verify and it should automatically detect the signature file where it
says Input File, but if it does not, navigate to the signature file and make sure the box below it
where it says Input file is a detached signature is checked. Look at the bottom and click
Decrypt/Verify and you will likely get the following message.

GPGEX does not seem to exist…if so, how can I verify a download?
Thanks for your advice!

If you have Kleopatra installed, you can click the “File” menu, then click “Decrypt/Verify Files”. In the dialogue, select the file (or signature) you want to verify. [Note: Make sure the file and signature are in the same location.] Kleopatra should detect the detached signature and the file it is signing if they have similar names. If they do not have similar names, select the signature file in the “Decrypt/Verify Files” dialogue and in the field where it says “signed data”, type the name of the file to be verified or use the button to the right to navigate to it. Finally, click the “Decrypt/Verify” button at the bottom of the dialogue.

Another method is to use the command prompt. Open the command line interface and navigate to the folder containing the file and signature. At the prompt, type "gpg -v [name of signature file] and hit “Enter”. Again, if the files are similarly named, gpg should automatically detect the file to be verified. If they are not, you will be prompted to type the name of the file to be verified.

In either case, be sure to certify the public key being used to verify the signature. This can be done by clicking the key to be certified and then clicking the “Certificates” menu. Then, click “Certify Certificate” and follow the prompts.

Regards,
Sean C.