1. Gpg4Win
    1. Objective
    2. Setup
      1. Get the software
      2. Install the software
      3. Run the software
    3. Conclusion

Gpg4Win

Bu sayfanin TURKCE cevirisi var!

Objective

In this guide I will show you how to install the Gpg4Win software.

Using the Gpg4Win software, you can verify the digital signatures of the files and programs you download to your computer. This allows you to truly make sure that the downloaded files have not been tampered with on their way between your computer and their origin web server. If a signature file (.exe.asc) accompanying a .exe file is verified, then you can be sure that the .exe file is as its developer has released it.

Setup

Get the software

On your internet browser go to https://gpg4win.org/download.html address. Press on the green colored download button.

Gpg4Win homepage
Gpg4Win homepage

You will be redirected to the software's download and donate page. You can download without donating. Simply scroll down the page, and click the Download button.

Download screen
Download screen

On the page you are redirected, there will pop-up a download window. Click on the Save file button.

Download pop-up
Download pop-up

We have two more files to download. On the webpage from the previous step, click on the Check integrity link.

Check integrity link
Check integrity link

On the page that opens now, click on the download link for the .sig file that has the same name as the previous file you downloaded.

Signature file link
Signature file link

On the new window, select the Save file option, and then click on the OK button.

Signature file download pop-up
Signature file download pop-up

For the last file we need to download, click on the GnuPG Homepage link from the previous web page we were on.

GnuPG homepage link
GnuPG homepage link

On the page that opens now, scroll down, and click on the https://gnupg.org/signature_key.asc link. On the page that opens, with your mouse, Right click > Save Page As.... On the pop-up window, click on the Save button.

Sign key download dialog
Sign key download dialog

We now have all the files that we need on our computer. If all went fine, you should have the following files on your Downloads directory.

Downloads folder with all the items
Downloads folder with all the items

Install the software

On gpg4win-4.2.0 file, with your mouse, Right click > Open

Run gpg4win exe
Run gpg4win exe

On the new window, click on the Yes button.

User account control pop-up
User account control pop-up

Select your preferred language for the installer, and then click on the OK button.

Installer language selection
Installer language selection

Click on the Next button through the installer screens.

Gpg4Win installation wizard
Gpg4Win installation wizard

On this screen, you can remove the GpgOL and GpgEx selections. We only need the Kleoptra component for our purposes.

Gpg4Win component selector
Gpg4Win component selector

Lastly, leave the destination folder in its default setting, and then click on the Install button.

Gpg4Win install destination folder
Gpg4Win install destination folder

Wait for the install process to complete.

Gpg4Win install progress bar
Gpg4Win install progress bar

After the install process completes, click on the Next button.

Gpg4Win install complete
Gpg4Win install complete

On the last window, make sure Run Kleopatra option is enabled, and then click on the Finish button. After that, Gpg4Win install process completes.

Gpg4Win run Kleopatra
Gpg4Win run Kleopatra

Run the software

When you start the Gpg4Win program, you will see a window like the following. For our first use, we will verify the signature file we downloaded at the beginning of this guide. In order to do that, first, import the gpg key we downloaded, into the Kleoptra.

Click on Import button.

Kleopatra UI
Kleopatra UI

On the window that opens, select the signature_key file inside the Downloads folder. And then, click on the Open button.

Select signature key
Select signature key

Confirm the import, and click on the OK button.

Certificate import
Certificate import

Kleoptra will present you some details about the gpg key you just imported. Now, click on Decrypt/Verify button.

Key details
Key details

On the selection window, pick the gpg4win-4.2.0.exe file inside the Downloads folder. Make sure the type of the file you are picking is displayed as OpenPGP Signature. And then, click on Open button.

Signature file picker
Signature file picker

Wait for the verification process to complete. When it completes, you should see an info line saying "All Operations Completed". Next, look at the line that reads "Signature created...". Here it is presented that the signature owner is "Andre Heinecke" and the key that signed the signature has the fingerprint, "(BCEF 7E29 4B09 2E28)". Compare this fingerprint to the one that belongs to the key that you imported into Kleopatra earlier. If these two fingerprints match, then, you can be sure that the Gpg4Win program that you just installed on your computer is legitimate.

Signature verification complete
Signature verification complete

Conclusion

In this guide I showed you how to install Gpg4Win program. Using Gpg4Win you can verify the programs you download and install on your computer are not tampered with and are released by the developer that holds his signing keys. In order to do that, you need the corresponding signature file which ends in .sig or .asc file extension, and, the developer's signing key. After you collect those, you can verify the .exe file itself like I have showed in this guide.

If you find this guide useful you can send some Monero (XMR) to this address:

84uBVw2A5EWFKa5Zaa3SY9ZruYsCeAgmpVu1c4y8DovK9TkSvvgD5XMKLUiBDmS6sNdAgExgAHGhACMVrayVJEr322neVDG
Donate XMR!
Donate XMR!