By the way, one doesn't need Microsoft's OS for checking the signature. Using Linux it's pretty simple to check the certificate that was used. First we extract the signature: ``` $ osslsigncode extract-signature -pem -in gpg4win-5.0.0-beta369.exe \ -out gpg4win-5.0.0-beta369.exe.pem PE checksum : 028F186B Succeeded ```
FWIW, although I'm grateful osslsigncode exists I often find it to be unpleasant to use at the command line. Several months ago I wrote a Python script to make it easier for me, and a couple of other people have reported it makes their workflow easier.
https://github.com/rjhansen/signtool
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
