Using Gpg4win in Windows
First you need to download the singing key of the iso file you downloaded, usually the key ends with a suffix .sig.To check for integrity and authenticity, the signature file - hence the file with the ending .sig, .asc, .p7s or .pem - and the signed original file (original file) must be in the same file folder. Select the signature file and select the entry Decrypt and check from the Windows Explorer context menu:
The option Input file is a separate signature is activated since you have signed your original file (here: Signed file) with the input file. Kleopatra will automatically find the associated signed original file in the same file folder.
The same path is also automatically selected for the Ouput folder. It only becomes relevant however once you are processing more than one file simultaneously.
Confirm the operations with [Decrypt/Check].
Following a successful check of the signature, the following window appears:
Even if only one character is added to the original file, or is deleted or modified, the signature will be shown as having been broken (Kleopatra displays the result as a red warning):
No comments:
Post a Comment