In article <cak9b2qgbigkuah3w2ymruogocqdq132qbxrbqwcp5o1jaxt...@mail.gmail.com>,
 leonardo davinci <[email protected]> wrote:
> I am using Kleopatra (gpg for win) to verify the 3.4.3 python installer,
> Windows x86 MSI
> <https://www.python.org/ftp/python/3.4.3/python-3.4.3.msi>. This file does
> not have an email in the digital signature and I am having trouble verifying
> the validity of the download.

Unfortunately, verifying the PGP signature of release files isn't the most user-friendly process, especially on Windows. The release files from python.org are typically PGP-signed in armored detached signature files, in other words, for each release file (like python-3.4.3.msi) there is a separate signature file with an appended .asc extension (python-3.4.3.msi.asc).

If you go to the python.org downloads page (https://www.python.org/downloads/) and click on the release in question, it should take you to the page for the release (https://www.python.org/downloads/release/python-343/). Near the bottom of the page, there is a list of downloadable files and to the right of each one there is a "GPG" column with a "SIG" link for each file. Clicking on the SIG link should download the corresponding signature file (python-3.4.3.msi.asc).

I'm not familiar with Kleopatra's interface but normally you'd want to download both the installer file and its asc file to the same directory/folder and then tell the GPG program to verify the asc file. The PGP/GPG program will also need to have access to the public keys of the creators / signers of the downloadable files. You will find them listed near the bottom of the Downloads page (https://www.python.org/downloads/).

Independently thereof, the python.org Windows installer files are also signed with a public-key code signing certificate that should be automatically verified by the Windows installer program. (Likewise, for the Mac OS X installer files.)

Hope this helps!

-- 
 Ned Deily,
 [email protected]

-- 
https://mail.python.org/mailman/listinfo/python-list
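
The check described in the reply above, as an added example that is not part of the original message: it runs gpg on a detached .asc signature and accepts the file only if the signature is valid and was made by one pinned key. It assumes gpg is on PATH; the function names, the pinned fingerprint and the sample status lines are constructed placeholders.

```python
import subprocess

PREFIX = "[GNUPG:] "
FAIL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
# Constructed placeholder, NOT a real release-signing key: replace it with the
# fingerprint of the signer listed on https://www.python.org/downloads/.
PINNED = "0123456789ABCDEF0123456789ABCDEF01234567"

def judge(status_text, pinned_fpr):
    """Decide from gpg --status-fd output whether the pinned key signed the file."""
    seen, signers = set(), set()
    for line in status_text.splitlines():
        parts = line[len(PREFIX):].split() if line.startswith(PREFIX) else []
        if not parts:
            continue
        seen.add(parts[0])
        if parts[0] == "VALIDSIG" and len(parts) > 1:
            signers.add(parts[1].upper())       # key that made the signature
            if len(parts) >= 11:
                signers.add(parts[10].upper())  # primary key when a subkey signed
    if "NO_PUBKEY" in seen:
        return False, "signer's public key is not in the keyring"
    if seen & FAIL:
        return False, "gpg reported " + ", ".join(sorted(seen & FAIL))
    if pinned_fpr.replace(" ", "").upper() not in signers:
        return False, "no valid signature from the pinned key"
    return True, "valid signature from the pinned key"

def verify_detached(sig_path, file_path, pinned_fpr=PINNED):
    """Run gpg on a detached .asc signature; status lines go to stdout (fd 1)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return judge(proc.stdout, pinned_fpr)

# Constructed status output for three outcomes (key ids and names are made up).
GOOD = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-02-25 1424822400 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp"""
MISSING_KEY = """[GNUPG:] ERRSIG 89ABCDEF01234567 1 8 00 1424822400 9
[GNUPG:] NO_PUBKEY 89ABCDEF01234567"""
TAMPERED = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("missing key", MISSING_KEY), ("tampered", TAMPERED)]:
        print(name, judge(sample, PINNED))
```

With both files in the same folder, verify_detached("python-3.4.3.msi.asc", "python-3.4.3.msi") returns the same (ok, reason) pair for a real download.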
