Check integrity of Gpg4win packages

How to actually perform the checks can be found e.g. on the GnuPG web page on integrity checks.

SHA1 checksums

f619313cb42241d6837d20d24a814b81a1fe7f6d  gpg4win-2.1.0.exe
5a3477fa76eac00e96f171ef619fb3be5ba3c512  gpg4win-light-2.1.0.exe
dabb1b978652db258bb6099e80adc56a5de25b7c  gpg4win-src-2.1.0.exe
c56c27502c664c38935c1589cd1315dc6de9beae  gpg4win-2.1.0.tar.bz2

MD5 checksums

Attention: Using of MD5 is insecure! Please use SHA1 only.

ad6245f3238922bb7afdc4a6d3402a65  gpg4win-2.1.0.exe
5a2c9390a88df06938aa5ed0dff197e1  gpg4win-light-2.1.0.exe
ccc57a8962fab6a7641c9fe68082e9c0  gpg4win-src-2.1.0.exe
99e7e89fbee42b3012b7873f4b1abd5a  gpg4win-2.1.0.tar.bz2

OpenPGP signatures

For gpg4win-2.1.0.exe: http://ftp.gpg4win.org/gpg4win-2.1.0.exe.sig
For gpg4win-light-2.1.0.exe: http://ftp.gpg4win.org/gpg4win-light-2.1.0.exe.sig
For gpg4win-src-2.1.0.exe: http://ftp.gpg4win.org/gpg4win-src-2.1.0.exe.sig
For gpg4win-2.1.0.tar.bz2: http://ftp.gpg4win.org/gpg4win-2.1.0.tar.bz2.sig

The signatures have been created with the following OpenPGP certificate
Intevation File Distribution Key (Key ID: EC70B1B8)

The certificate be retrieved from OpenPGP certificate servers. Loading a certificate from a certificate server can be done e.g. via Kleopatra or GPA. Checking the the signature of a file is best done with GpgEX via the Explorer.

File lengths

If you have a mismatch on the checksum or a bad signature you should first verify that you really downloaded the complete file. Here are the lengths you should get:

39332992 bytes for gpg4win-2.1.0.exe
15465168 bytes for gpg4win-light-2.1.0.exe
271428912 bytes for gpg4win-src-2.1.0.exe
6002513 bytes for gpg4win-2.1.0.tar.bz2