Forum: help-en

Monitor Forum | Start New Thread Start New Thread
RE: provide SHA256 of 'latest' installer file [ Reply ]
By: Bernhard Reiter on 2022-04-19 07:45
[forum:8374]
Hi Nikolas,
what about the powershell cmdlet Get-AuthenticodeSignature ?
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-authenticodesignature?view=powershell-7.2

According to the documentation it should match your criteria.

Best Regards,
Bernhard

RE: provide SHA256 of 'latest' installer file [ Reply ]
By: Nikolas Lazar on 2022-04-17 09:35
[forum:8370]
well the methods mentioned in https://wiki.gnupg.org/Gpg4win/CheckIntegrity are:
- Method A: UAC will be omitted if the silent installer ends up working (I have yet to try it but from what I read it seems it should) as it'll be installed from elevated shell instance
- Method B: file properties - requires manual intervention, therefore won't be done if the silent installer ends up working
- Method C: signtool - requires downloading other software -won't do
- OpenPGP signatures - requires software to already be installed, which for obvious reasons isn't a good idea -if the file was malicious I don't think it'd be excessively hard to make a simple if statement refering to the installer file with hardcoded output value or something similar
- " [forum:8344]
For completion: There are command line tools to check the code signing status on windows. " - again: requires downloading other software -won't do
- other than that there are only Checksums which can be done using preinstalled powershell cmdlet (Get-FileHash)

RE: provide SHA256 of 'latest' installer file [ Reply ]
By: Bernhard Reiter on 2022-04-08 13:27
[forum:8344]
For completion: There are command line tools to check the code signing status on windows.

RE: provide SHA256 of 'latest' installer file [ Reply ]
By: Bernhard Reiter on 2022-04-08 13:26
[forum:8343]
Hi Nikolas,

Re: silent flags on the Gpg4win installer:

It used be one there, see https://www.gpg4win.org/doc/en/gpg4win-compendium_35.html (old documentation, but might still work similiar today, haven't tried in a while)

What do you need the hash for?
You did read https://wiki.gnupg.org/Gpg4win/CheckIntegrity I presume?

Using one of the other integrity checking method is usually better than going the hash way.

Best Regards,
Bernhard

RE: provide SHA256 of 'latest' installer file [ Reply ]
By: Nikolas Lazar on 2022-04-06 19:07
[forum:8340]
not really;
I'm trying to fetch installers and check hashes of multiple apps as part of what would on linux be called an installer script (which it really isn't since it doesn't install the apps - at least not all of them ... i don't expect there to be 'silent' flag on the installer file, is there?). I need to be able to always fetch latest version of app (this is available as 'gpg4win-latest.exe' in 'https://files.gpg4win.org') and hash (hence this request)

RE: provide SHA256 of 'latest' installer file [ Reply ]
By: Bernhard Reiter on 2022-03-28 07:36
[forum:8301]
Hi Nikolas,

note that for the latest version, we provide the SHA256 here
https://www.gpg4win.org/package-integrity.html

would that solve your need already?
Regards,
Bernhard

provide SHA256 of 'latest' installer file [ Reply ]
By: Nikolas Lazar on 2022-03-25 21:37
[forum:8300]
i dont know whether this is the place to request new features, but i havent found any other...
my request is simple:
provide 'gpg4win-latest.exe.sha256' (in https://files.gpg4win.org)