Hello.
The following email was originally intended for the makers of Gpg4win,
but since their software and site lacks a single professional target for
software problems, and my initial and primary intention with the
software was the verification of the Tails Windows download, I have
emailed it to yourselves. I have already emailed the Tor project
regarding implementation and documentation issues I enountered using
Tor, primarily centering on the Open PGP implementation being touted
widely for Windows. The Gpg4win Wiki also appears useless to me, and the
forum is labyrinthine and problematic.
I recently downloaded Gpg4Win 2.2.4 as part of a general investigation
of available security options, an effort that included Tails. One of the
first provisions of many online downloads is the checksum, and the Tails
site provides a sha256sum output for checking. After considerable
effort, given that much documentation is outdated, overly technical, or
in the case of the Gpg4Win Compendium, does not even mention checksums,
provided by Kleopatra whose own html docs are again overly technical and
apparenty aimed at command line operations, I managed to attempt to
generate a sha256sum from a downloaded file for comparison using
Kleopatra's reconfigured right click menu.
In every case, Kleopatra outputs the same error statement, stating
"Failed to move (path/sha256sum.txt) to its final destination,
sha256sum.txt: Error during rename". The resultant file is appended with
additional file extensions ending in "new", and when opened, renamed to
.txt or not, is empty. There appears no provision for troubleshooting
this in Kleopatra's html documentation, and the Gpg4win site is
unsearchable. Advice noted on that site suggests switching to command
line in case of difficulty, but again, the command line protocols for
generating checksums are absent from docs.
It appears, then, that Kleopatra as part of Gpg4win 2.2.4 cannot produce
sha256sum files, at least via GUI, without explanation. I have now
wasted days even arriving at this conclusion, primarily due to
documentation issues, particularly for novice users (Wikipedia's pages
on checksums are considerably clearer, though undetailed, and basic
checksum operations via a GUI are and should be simple and
straightforward). This would also constitute a glaring bug.
Can you provide any clarity in this regard? I would like to be able to
verify checksums, regardless of any requirement to use Open PGP certs,
which present far more problems (again, primarily due to documentation).
Tails provides a sha256sum, but I have not been able to generate one to
date (sha1sums work fine in Kleopatra, as far as I can see). Even if you
cannot or do not wish to provide advice, the problem should be noted and
passed on, since you advise use of Gpg4win and provide a sha256sum for
the Windows download, technically problematic if such users cannot
generate sha256sums.
A User
_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
[email protected].
