[Pidgin] Are the packages signed modified
Pidgin
trac at pidgin.im
Tue Oct 2 01:19:00 EDT 2012
Page "Are the packages signed" was changed by datallah
Diff URL: <https://developer.pidgin.im/wiki/Are%20the%20packages%20signed?action=diff&version=6>
Revision 6
Comment: Add GPG information about the windows builds
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: Are the packages signed
=========================================================================
--- Are the packages signed (version: 5)
+++ Are the packages signed (version: 6)
@@ -31,11 +31,15 @@
You can read more about how the signing and verification works in the [http://www.gnupg.org/gph/en/manual.html GPG Handbook].
=== Windows Installers ===
-As of Pidgin 2.10.7, the Windows installers are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a key with a thumbprint of `C5476901C3C63FABF54CEBA9E3F887932A9579B5`.
+As of Pidgin 2.10.7, the various Windows binaries are signed in two ways.
+ * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a certificate with a thumbprint of `C5476901C3C63FABF54CEBA9E3F887932A9579B5`
+ * all distributed packages (installers, debug symbols, binary zip file, gtk bundle zip file) are signed with [http://www.gnupg.org/ GPG] by Daniel Atallah (`DE890574`).
-The signature can be verified most easily by using Windows Explorer to look at the Properties of the installer executable.
+The authenticode signature can be verified most easily by using Windows Explorer to look at the Properties of the installer executable.
In the "Digital Signatures" tab, you can look at the Details of the signature, "View Certificate", and compare the (case-insensitive, whitespace-insensitive) "Thumbprint" value in the "Details" tab to the value listed above.
[[Image(windows_cert_verify_thumbprint.jpg)]]
-Alternatively, the signature can be verified using Microsoft's `signtool.exe` utility (which, unfortunately, in order to obtain, requires that you install the at least parts of Microsoft Platform SDK).
+Alternatively, authenticode the signature can be verified using Microsoft's `signtool.exe` utility (which, unfortunately, in order to obtain, requires that you install the at least parts of Microsoft Platform SDK).
+
+GPG signatures can be verified on Windows in the same way as they're validated on other operating systems (see [wiki:"Are the packages signed#SourceTarballs" above]). GPG binaries for windows are [http://gpg4win.org/ available] - be sure to read the notes about how to validate your GPG binaries :)!
-------8<------8<------8<------8<------8<------8<------8<------8<--------
--
Page URL: <https://developer.pidgin.im/wiki/Are%20the%20packages%20signed>
Pidgin <http://pidgin.im>
Pidgin
This is an automated message. Someone added your email address to be
notified of changes on 'Are the packages signed' page.
If it was not you, please report to datallah at pidgin.im.
More information about the Wikiedit
mailing list