Author: Daniel Kahn Gillmor Date: To: Elless, tails-dev Subject: Re: [Tails-dev] A Problem Concerning Gpg4win and sha256sums (like
that provided for Tails)
Hi Elless--
On Mon 2015-05-04 16:08:26 -0400, Elless wrote:
> The following email was originally intended for the makers of Gpg4win,
> but since their software and site lacks a single professional target for
> software problems, and my initial and primary intention with the
> software was the verification of the Tails Windows download, I have
> emailed it to yourselves. I have already emailed the Tor project
> regarding implementation and documentation issues I enountered using
> Tor, primarily centering on the Open PGP implementation being touted
> widely for Windows. The Gpg4win Wiki also appears useless to me, and the
> forum is labyrinthine and problematic.
I understand your frustration with the gpg4win public documentation. It
would be better if it were simplified. Nonetheless, your e-mail message
is probably better sent to the gpg4win mailing list:
gpg4win-users-en@???
because the folks there can probably help you more directly.
> Can you provide any clarity in this regard? I would like to be able to
> verify checksums, regardless of any requirement to use Open PGP certs,
> which present far more problems (again, primarily due to documentation).
> Tails provides a sha256sum, but I have not been able to generate one to
> date (sha1sums work fine in Kleopatra, as far as I can see). Even if you
> cannot or do not wish to provide advice, the problem should be noted and
> passed on, since you advise use of Gpg4win and provide a sha256sum for
> the Windows download, technically problematic if such users cannot
> generate sha256sums.
If you have gpg4win installed (or any other gpg implementation), you can
always generate a checksum for the file named "foo.zip" from the command
line like this: