gpg4win-2.3.3.exe SHA1 Checksum Issue

Hello,

I am trying to verify the SHA1 checksum after downloading the gpg4win-2.3.3.exe on Windows10 desktop via the File Checksum Integrity Verifier (FCIV).

Couple of days back I was continuously (downloaded the same file multiple times) getting a different :
17a2b75f3ee06908b9d82f3d892baf82 gpg4win-2.3.3.exe
SHA1 checksum as opposed to that published on the web-site :
67e13c4f90ff6a70ad57bd31af64a238c9315308 gpg4win-2.3.3.exe

When I did the same thing today, I got the same SHA1 checksum on the file as published on the web-site on the first go. A minute later, I am getting the old SHA1 checksum : 17a2b75f3ee06908b9d82f3d892baf82 gpg4win-2.3.3.exe on the same file.

I am not sure what is happening. Could anyone help me with this.

Thank you.

Regards,

Sachin

2.txt (111 Bytes)

Hi Sachin,

note that the exe comes code-signed, so verifying the file length and checksum is an additional check (that can be good for certain situations where you only want to see if the transport was done correctly for instance).

your checksum
17a2b75f3ee06908b9d82f3d892baf82 gpg4win-2.3.3.exe
is the md5 checksum of the file, which is shorter than sha1. So my idea is: Somehow your File Checksum Integrity Verifier (FCIV) seem to calculate the md5 checksum instead of the sha1 sum. You could try the command listed here https://wiki.gnupg.org/TroubleShooting

Best Regards,
Bernhard

Hey Sachin,

We took your message as an intention to create a page in the wiki on how to check the integrity of the downloaded packages (https://wiki.gnupg.org/Gpg4win/CheckIntegrity). If you have further questions or improvements on the page, feel free to ask or add them to the page.

Regards,
Jochen

Issue resolved. Thanks a lot Bernard & Jochen.