REM HOW TO VERIFY THE BINARIES DOWNLOADED FROM TRUECRYPT
REM under windows!
REM source of inspiration: http://www.mattnworb.com/post/16019918033/how-to-verify-a-pgp-signature-with-gnupg
REM Download and INSTALL gnupg e.g. from: gnupg.org (this is the official site... if it seems offline or suffering a denial of service attack here is the direct link: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe)
REM And here is the
|GnuPG 1.4.10b compiled for Microsoft Windows.||B||FTP|
|·||Signature and SHA-1 checksum for previous file.
REM copy the gpg.exe to C:\WINDOWS so it will be accessible by simply typing gpg
REM import your private key (if not already done)
gpg --import "X:\PATH\TO_YOUR_PRIVATE_KEY_pub-sec.asc"
gpg: Schlüssel 1E161E12: Öffentlicher Schlüssel "hans hallodri <firstname.lastname@example.org>" importiert
gpg: Schlüssel 1E161E12: geheimer Schlüssel importiert
gpg: Schlüssel 1E161E12: "hans hallodri <email@example.com>" nicht geändert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 2
gpg: importiert: 1 (RSA: 1)
gpg: unverändert: 1
gpg: gelesene geheime Schlüssel: 1
gpg: geheime Schlüssel importiert: 1

REM DOWNLOAD THE TRUECRYPT BINARIES FROM http://www.truecrypt.org/ (please donate!)
REM also download their public key: https://www.truecrypt.org/download/TrueCrypt-Foundation-Public-Key.asc
REM import their public key
X:\SOFTWARE\TRUECRYPT>gpg --import TrueCrypt-Foundation-Public-Key.asc
gpg: Schlüssel F0D6B1E0: Öffentlicher Schlüssel "TrueCrypt Foundation <contact@truecrypt.org>" importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1
gpg: keine uneingeschränkt vertrauenswürdigen Schlüssel gefunden

X:\SOFTWARE\TRUECRYPT>gpg --list-keys
C:/Users/user/AppData/Roaming/gnupg\pubring.gpg
-----------------------------------------------
pub 1024D/F0D6B1E0 2004-06-06
uid TrueCrypt Foundation <firstname.lastname@example.org>
sub 4077g/6B136ECF 2004-06-06

REM so in order to verify, we need to sign truecrypt's public key to show "you trust em"
X:\SOFTWARE\TRUECRYPT>gpg --sign-key F0D6B1E0
pub 1024D/F0D6B1E0 erzeugt: 2004-06-06 verfällt: niemals Aufruf: SC
Vertrauen: unbekannt Gültigkeit: unbekannt
sub 4077g/6B136ECF erzeugt: 2004-06-06 verfällt: niemals Aufruf: E
[ unbek.] (1). TrueCrypt Foundation <email@example.com>

pub 1024D/F0D6B1E0 erzeugt: 2004-06-06 verfällt: niemals Aufruf: SC
Vertrauen: unbekannt Gültigkeit: unbekannt
Haupt-Fingerabdruck = C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0

TrueCrypt Foundation <firstname.lastname@example.org>

Sind Sie wirklich sicher, daß Sie vorstehenden Schlüssel mit Ihrem
Schlüssel "hans hallodri <email@example.com>" (1E161E12) beglaubigen wollen

Wirklich unterschreiben? (j/N) J

Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.
Benutzer: "hans hallodri <firstname.lastname@example.org>"
2048-Bit RSA Schlüssel, ID 1E161E12, erzeugt 2013-08-13

REM now finally you can verify
X:\SOFTWARE\TRUECRYPT>gpg --verify "TrueCrypt Setup 7.1a.exe.sig" "TrueCrypt Setup 7.1a.exe"
gpg: Unterschrift vom 02/07/12 21:56:28 mittels DSA-Schlüssel ID F0D6B1E0
gpg: Korrekte Unterschrift von "TrueCrypt Foundation <email@example.com>"
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
Haupt-Fingerabdruck = C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0

... everything seems fine.
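
Added example, not part of the original post: the verify step above reports "Korrekte Unterschrift" together with the warning that the key carries no trusted signature, all in localized text. gpg's `--status-fd` output is language-independent, so the Python below judges that output by comparing the signing key's fingerprint with a pinned one (the fingerprint printed above). The names `check_status` and `verify_file` and the sample status lines are constructed for illustration.

```python
import subprocess

# Fingerprint printed in the gpg output on this page, spaces removed.
# Assumption: you have confirmed it from a source other than the download site.
PINNED_FPR = "C5F4BAC4A7B22DB8B8F85538E3BA73CAF0D6B1E0"

# Status keywords that mean "reject", whatever else gpg prints.
FATAL = {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed sample of `gpg --status-fd 1 --verify` output (timestamp invented).
SAMPLE_STATUS = "\n".join([
    "[GNUPG:] GOODSIG E3BA73CAF0D6B1E0 TrueCrypt Foundation",
    "[GNUPG:] VALIDSIG %s 2012-02-07 1328000000 0 3 0 17 2 00 %s"
    % (PINNED_FPR, PINNED_FPR),
    "[GNUPG:] TRUST_UNDEFINED",
])


def check_status(status_text, pinned_fpr=PINNED_FPR):
    """Return (ok, reason, trust) for machine-readable gpg status output."""
    good, signer_fpr, trust = False, None, None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # skip localized human-readable text
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FATAL:
            return False, keyword, trust
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            # With 10 fields the last one is the primary key fingerprint;
            # otherwise fall back to the signing key fingerprint (first field).
            signer_fpr = args[-1] if len(args) >= 10 else args[0]
        elif keyword.startswith("TRUST_"):
            trust = keyword  # e.g. TRUST_UNDEFINED matches the warning above
    if not (good and signer_fpr):
        return False, "no GOODSIG/VALIDSIG pair", trust
    if signer_fpr.upper() != pinned_fpr.upper():
        return False, "fingerprint mismatch: " + signer_fpr, trust
    return True, "good signature from pinned key", trust


def verify_file(sig_path, file_path):
    """Run gpg (must be on PATH) and judge its status lines from stdout."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True, errors="replace")
    return check_status(proc.stdout)
```

On the author's machine the call would be `verify_file("TrueCrypt Setup 7.1a.exe.sig", "TrueCrypt Setup 7.1a.exe")`; the returned trust value reports the key's validity separately from whether the signature itself is good.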
Background information on GnuPG: https://en.wikipedia.org/wiki/GnuPG
GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.
GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government.
(keywords: 1999, Hubertus Soquat, BMWi, 250.000DM)
http://www.heise.de/tp/artikel/2/2908/1.html … also sounds pretty honest… but people never know what their government is really doing.
* With the exception of e-mail addresses submitted optionally and voluntarily by TrueCrypt translators under the TrueCrypt Translator Agreement and e-mail addresses submitted (optionally and voluntarily) by users who report bugs using our online bug report form or contact us via our official web contact form.