I'm interested in installing the Electron Cash application from electroncash.org (Electron-Cash-2.9.4.exe) and the website indicates that to be sure of the integrity of the download, I should verify the authenticity of the file.
The site points me to the developer's GitHub page to get the keys and hashes. I've deduced that of the 3 public keys at that link, the one to use is probably the one called jonaldkey.txt (though there is another one, jonaldkey2.txt, for some reason) and there is a .sig file that presumably contains the hash.
In Windows 10, how can I use the public key (jonaldkey.txt) and hash (Electron-Cash-2.9.4.exe.sig) to verify my downloaded file (Electron-Cash-2.9.4.exe)?
Best Answer
There's a Gpg4win application, which deals with signing and verifying files. It has its Compendium, on whose 110th page we read:
Obviously you need to install it with shell extension. Option to verify a .SIG file is under the More GpgEX Options. To verify your program, I used these steps:
Verify checksum (not the signature)
You can also download the SHA1.Electron-Cash-2.9.4.exe.txt file, which is a text file, and rename its extension to .sha1. I have two tools at my disposal which verify checksums. These are 7-Zip and Total Commander by Ghisler. The former adds a context menu allowing you to show various checksums of a clicked file; in this case we right-click the .exe file (not the .sig) and compare the displayed sum with the downloaded SHA1 text file. The latter allows you to press Enter on *.sha, *.md5, *.sfv etc. files and displays the results as OK or FAIL.
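The same two checks can be run from a PowerShell prompt instead of the GpgEX context menu. This is an added example, not part of the original answer; it assumes the `gpg.exe` that ships with Gpg4win is on the PATH, that the four files named on this page are in the current directory, and that the SHA1 text file contains the digest as 40 hex characters.

```powershell
# Assumptions: Gpg4win is installed (gpg.exe on PATH) and the files named
# on the page have been downloaded into the current directory.
$exe  = 'Electron-Cash-2.9.4.exe'
$sig  = "$exe.sig"            # detached signature for the installer
$key  = 'jonaldkey.txt'       # developer's public key
$sha1 = "SHA1.$exe.txt"       # optional checksum file

foreach ($f in $exe, $sig, $key) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing file: $f" }
}

# 1. Import the public key, then list fingerprints. Importing a key does not
#    make it trustworthy: compare the fingerprint with one obtained through
#    a channel other than the download site before relying on it.
gpg --import $key
if ($LASTEXITCODE -ne 0) { throw "gpg could not import $key" }
gpg --fingerprint

# 2. Verify the detached signature: signature file first, signed file second.
#    gpg exits non-zero on a bad signature or when the signing key is absent.
gpg --verify $sig $exe
if ($LASTEXITCODE -ne 0) { throw "Signature check FAILED for $exe" }
Write-Host "Signature OK for $exe"

# 3. Checksum comparison. This detects a corrupted download only; the
#    signature in step 2 is what ties the file to the key holder.
if (Test-Path -LiteralPath $sha1) {
    $text  = Get-Content -LiteralPath $sha1 -Raw
    $match = [regex]::Match($text, '\b[0-9a-fA-F]{40}\b')
    if (-not $match.Success) { throw "No SHA-1 digest found in $sha1" }

    $actual = (Get-FileHash -LiteralPath $exe -Algorithm SHA1).Hash
    # -ne on strings is case-insensitive, so upper/lower-case hex both match.
    if ($actual -ne $match.Value) {
        throw "SHA-1 mismatch: expected $($match.Value), got $actual"
    }
    Write-Host "SHA-1 OK for $exe"
}
```

A "Good signature" line followed by a warning that the key is not certified means the file matches the imported key but gpg has no basis for trusting that key, which is why the fingerprint comparison in step 1 matters.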