Regular hashes like MD5 are not always published or readily available if one likes to verify the authenticity of mostly open source files. So what GPG frontend or extension for Windows would you advise me, if the objective is to simply verify PGP/GPG signatures of files, without the whole e-mail encryption bundle? I tried some options like: GPGshell, Gpg4win, without much satisfaction, because they are shipped with allot of things I don't need for this single purpose. Lets say I want to compare these two: 1 2 What would you use in this instance? 1. sha-1 c2efad983dfe50e6d8007257bad2c76604be389a gnupg-w32cli-1.4.9.exe, download, verify, install. 2. the .sig and the corresponding file of TC. 3. then ? Thanks in advance.