How to verify the integrity of a PuTTY executable

I am used to verify downloaded programs with GnuPG simply by entering the following command:

gpg2 –verify program.exe.sig

Usually, GnuPG finds out which file to hash (in this case program.exe) on its own. But in case of PuTTY, all I got was this:

gpg2 –verify .\putty.exe.DSA
gpg: keine signierten Daten
gpg: can’t hash datafile: Keine Daten

However, it is fairly easy to verify the executable, simply by adding the filename to the command line like this:

gpg2 –verify .\putty.exe.DSA .\putty.exe
gpg: Signatur vom 07/12/11 21:13:15 Mitteleuropäische Sommerzeit mittels DSA-Schlüssel ID 08B0A90B
gpg: Signatur kann nicht geprüft werden: Kein öffentlicher Schlüssel

Über uns Stefan

Polyglot Clean Code Developer

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax