1

I downloaded Veracrypt and its sig file. I go ahead and import it into Kleopatra to verify it (using Windows gpg4win). Now i reach this step:

enter image description here

It asks me whether i have verified the fingerprint. How do i do that? I'm also a bit confused as to what the fingerprint is. Is it just a hash of the public key, or something else?

KeyC0de
  • 133
  • 8
  • please read Veracrypt's documentation: https://www.veracrypt.fr/en/Digital%20Signatures.html – schroeder Mar 05 '18 at 23:03
  • "Please check that its fingerprint is 993B7D7E8E413809828F0F29EB559C7C54DDD393." – schroeder Mar 05 '18 at 23:03
  • This wasn't specific for veracrypt. I used it as an example. So what i gather is, we need to verify a fingerprint "manually" with the website? Thanks. – KeyC0de Mar 05 '18 at 23:07
  • 1
    no problem: `gpg --with-fingerprint VeraCrypt_PGP_public_key.asc` or, generically, `gpg --with-fingerprint any_public_key.asc` – schroeder Mar 05 '18 at 23:10
  • 1
    @Nik-Lz You may want to read gpg's "Web of trust": https://www.gnupg.org/gph/en/manual/x547.html Fingerprints: v3 use MD5, v4 are SHA1 of public key. –  Mar 05 '18 at 23:20

0 Answers0