verifying software signatures

Discussion in 'privacy technology' started by RockLobster, Oct 3, 2014.

  1. RockLobster

    RockLobster Registered Member

    Nov 8, 2007
    Can someone please explain to me how to verify a software signature ? Is gpg4win the correct application for this ? I have had trawled through so much obscure documentation to find out how to do this and still not find the answer surely this should be a simple straight forward procedure ?

    Anyway I download a software which has a separate .sig file to download which I did. How do I use this to make sure the software is the real developer version ?
    I downloaded an gpg4win with Kleopatra gui but is seems to be all about certificates I don't really understand all this. I can't import the .sig file because it is not a certificate file type.

    Edit: Apologies for posting this in the wrong forum I had been reading some posts in this one and forgot to switch to a more relevant one for this topic.
    Last edited: Oct 3, 2014