REM HOW TO VERIFY THE BINARIES DOWNLOADED FROM TRUECRYPT REM under windows!

REM source of inspiration: http://www.mattnworb.com/post/16019918033/how-to-verify-a-pgp-signature-with-gnupg

REM Download and INSTALL gnupg e.g. from: gnupg.org  (this is the official site... if it seems offline or suffering a denial of service attack here is the direct link: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe)

REM And here is the

GnuPG 1.4.10b compiled for Microsoft Windows. B FTP
· Signature and SHA-1 checksum for previous file.

b86624303f2e29ade92dcfae672fe75ba9df3931  gnupg-w32cli-1.4.10b.exe
REM copy the gpg.exe to C:WINDOWS so it will be accessible by simply typing gpg

REM import your private key (if not allready done)

gpg --import "X:PATHTO_YOUR_PRIVATE_KEY_pub-sec.asc"

gpg: Schlüssel 1E161E12: Öffentlicher Schlüssel "hans hallodri <hans@hallodri.de>" importiert gpg: Schlüssel 1E161E12: geheimer Schlüssel importiert gpg: Schlüssel 1E161E12: "hans hallodri <hans@hallodri.de>" nicht geändert gpg: Anzahl insgesamt bearbeiteter Schlüssel: 2 gpg: importiert: 1 (RSA: 1) gpg: unverändert: 1 gpg: gelesene geheime Schlüssel: 1 gpg: geheime Schlüssel importiert: 1

REM DOWNLOAD THE TRUECRYPT BINARIES FROM http://www.truecrypt.org/ (please donate!)

REM also download their public key:

https://www.truecrypt.org/download/TrueCrypt-Foundation-Public-Key.asc

REM import their public key

X:SOFTWARETRUECRYPT>gpg --import TrueCrypt-Foundation-Public-Key.asc

gpg: Schlüssel F0D6B1E0: Öffentlicher Schlüssel "TrueCrypt Foundation <contact@t

ruecrypt.org>" importiert gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1 gpg: importiert: 1 gpg: keine uneingeschränkt vertrauenswürdigen Schlüssel gefunden

X:SOFTWARETRUECRYPT>gpg --list-keys

C:/Users/user/AppData/Roaming/gnupgpubring.gpg ----------------------------------------------- pub 1024D/F0D6B1E0 2004-06-06 uid TrueCrypt Foundation <contact@truecrypt.org> sub 4077g/6B136ECF 2004-06-06

REM so in order to verify, we need to sigh truecrypt's public key to show "you trust em"

X:SOFTWARETRUECRYPT>gpg --sign-key F0D6B1E0

pub 1024D/F0D6B1E0 erzeugt: 2004-06-06 verfällt: niemals Aufruf: SC Vertrauen: unbekannt Gültigkeit: unbekannt

sub 4077g/6B136ECF erzeugt: 2004-06-06 verfällt: niemals Aufruf: E [ unbek.] (1). TrueCrypt Foundation <contact@truecrypt.org>

pub 1024D/F0D6B1E0 erzeugt: 2004-06-06 verfällt: niemals Aufruf: SC Vertrauen: unbekannt Gültigkeit: unbekannt Haupt-Fingerabdruck = C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0

TrueCrypt Foundation <contact@truecrypt.org>

Sind Sie wirklich sicher, daß Sie vorstehenden Schlüssel mit Ihrem Schlüssel "hans hallodri <hans@hallodri.de>" (1E161E12) beglaubigen wollen

Wirklich unterschreiben? (j/N) J

Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren. Benutzer: "hans hallodri <hans@hallodri.de>" 2048-Bit RSA Schlüssel, ID 1E161E12, erzeugt 2013-08-13

REM now finally you can verify

X:SOFTWARETRUECRYPT>gpg --verify "TrueCrypt Setup 7.1a.exe.sig" "TrueCrypt Setup 7.1a.exe"

gpg: Unterschrift vom 02/07/12 21:56:28 mittels DSA-Schlüssel ID F0D6B1E0 gpg: Korrekte Unterschrift von "TrueCrypt Foundation <contact@truecrypt.org>" gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört. Haupt-Fingerabdruck = C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0

... everything seems fine.

background informations on GnuPG:  https://en.wikipedia.org/wiki/GnuPG

GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographicsoftware. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification ofOpenPGP. Current versions of PGP (and Veridis‘ Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.

GnuPG is a part of the Free Software FoundationGNU software project, and has received major funding from the German government.[3]

(keywords: 1999, Hubertus Soquat, BMWi, 250.000DM)

http://www.heise.de/tp/artikel/2/2908/1.html … also sounds pretty honest… but people never know what their government is really doing.

You might also want to know about TrueCrypt’s privacy policy… where they come from… what they are here for… their intentions… : seems pretty honest.

Privacy Policy

Effective Date: October 2, 2011As we develop software whose purpose is to ensure and protect privacy, it is needless to say that we recognize that privacy is very important. We respect your privacy. This Privacy Policy applies to the official TrueCrypt website („this website“), which is located at www.truecrypt.org.No personally identifiable information of internet users visiting this website is collected by/on this website.* However, note that it is sometimes possible, under certain circumstances, to determine with a high degree of accuracy who used a certain Internet Protocol address at a particular time (we are not able to do so, but, for example, law enforcement agencies are able and entitled to do so in some cases). Consequently, an Internet Protocol address may be considered potentially personally identifiable information in some cases. When you visit this website, your internet browser (e.g. Internet Explorer or Firefox) sends and receives data to/from the server software, Apache. The server software automatically records some of the information that your internet browser sends to it or that the server software otherwise obtains automatically in connection with your web request. For instance, it records the type of your browser, browser language, type of operating system, referring website, Internet Protocol address, and the date and time of your request. We use some of the information to analyze attacks on our server (and abuse of our website) and to help ensure that they are not successful. We also use some of the information when developing or testing TrueCrypt (e.g., we determine the percentage of users who use a particular version of an operating system). Furthermore, we use some of the information to evaluate the success of the TrueCrypt project in various countries (e.g. by determining the average number of visitors from a particular country per day) and when optimizing or testing our website (e.g., we determine the most used types of browsers, which we then use to test our website and for which we optimize it). All the information is encrypted so that it is very difficult for unauthorized persons to access it. We will not disclose the information to any third party without your consent, unless we need to do so in order to prevent (or to facilitate analysis of) attacks on our server, or abuse of this website, and/or unless we are required to do so by law.This website reads and writes cookies containing solely anonymous traffic data, which we use to evaluate the success of the TrueCrypt project (e.g. by determining the average number of returning visitors per day and the average frequency of repeated visits per visitor). Cookies are small text files that your internet browser stores locally for websites you visit. You can prevent cookies from being stored/sent/received by configuring your internet browser (for example, in Internet Explorer, select Tools > Internet Options > Privacy, or in Firefox, select Tools > Options > Privacy).We reserve the right to change this Privacy Policy from time to time. However, if we do, most changes will be minor. Each version of this Privacy Policy is identified at the top of this page by its effective date.


* With the exception of e-mail addresses submitted optionally and voluntarily by TrueCrypt translators under the TrueCrypt Translator Agreement and e-mail addresses submitted (optionally and voluntarily) by users who report bugs using our online bug report form or contact us via our official web contact form.

admin