Re: [Tails-dev] A Problem Concerning Gpg4win and sha256sums …

Delete this message

Reply to this message
Author: Daniel Kahn Gillmor
Date:  
To: Elless, tails-dev
Subject: Re: [Tails-dev] A Problem Concerning Gpg4win and sha256sums (like that provided for Tails)
Hi Elless--

On Mon 2015-05-04 16:08:26 -0400, Elless wrote:

> The following email was originally intended for the makers of Gpg4win,
> but since their software and site lacks a single professional target for
> software problems, and my initial and primary intention with the
> software was the verification of the Tails Windows download, I have
> emailed it to yourselves. I have already emailed the Tor project
> regarding implementation and documentation issues I enountered using
> Tor, primarily centering on the Open PGP implementation being touted
> widely for Windows. The Gpg4win Wiki also appears useless to me, and the
> forum is labyrinthine and problematic.


I understand your frustration with the gpg4win public documentation. It
would be better if it were simplified. Nonetheless, your e-mail message
is probably better sent to the gpg4win mailing list:

gpg4win-users-en@???

because the folks there can probably help you more directly.

> Can you provide any clarity in this regard? I would like to be able to
> verify checksums, regardless of any requirement to use Open PGP certs,
> which present far more problems (again, primarily due to documentation).
> Tails provides a sha256sum, but I have not been able to generate one to
> date (sha1sums work fine in Kleopatra, as far as I can see). Even if you
> cannot or do not wish to provide advice, the problem should be noted and
> passed on, since you advise use of Gpg4win and provide a sha256sum for
> the Windows download, technically problematic if such users cannot
> generate sha256sums.


If you have gpg4win installed (or any other gpg implementation), you can
always generate a checksum for the file named "foo.zip" from the command
line like this:

gpg --print-mds foo.zip

hth,

--dkg