How does one verify the PGP RSA and/or DSA checksum signatures for PuTTY?

Solution 1:

The most popular tool is GnuPG, normally a command-line tool, but the Gpg4win project has a bundle of GnuPG for Windows along with two graphical interfaces.

$ gpg --verify putty.exe.DSA putty.exe
gpg: Signature made 2013-08-06T20:21:29 EEST
gpg:                using DSA key FECD6F3F08B0A90B
gpg: Good signature from "PuTTY Releases (DSA) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 00B1 1009 38E6 9800 6518  F0AB FECD 6F3F 08B0 A90B

(I had imported the signer's public key before. You will need to do that too, as well as find a way of making sure that you have the correct key and not a fake one...)

While PGP Corporation was bought by Symantec long ago, among their various PGP-based products you can still find trial versions of Symantec Desktop Email Encryption and Symantec Encryption Desktop Corporate, which are a continuation of the original PGP for Windows and commercial PGP Desktop 8.x–9.x.

Trial versions of PGP Desktop 8.x can be found in various places. It is likely that 7.x will work just fine for verifying the signatures, even if it lacks security fixes and updates.
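
Added example, not part of the original answer: "Good signature" only says the file matches some key in the keyring, so a script should compare the signing key's full fingerprint against one obtained separately. The sketch below parses gpg's machine-readable --status-fd output; the function names are hypothetical, the sample status lines are constructed, and the fingerprint is the one printed in the gpg output above.

```shell
#!/bin/sh
# Added example: pin the signer's full fingerprint instead of trusting
# "Good signature" alone. Function names here are hypothetical.

# Strip spaces and uppercase, so "00B1 1009 ..." compares equal to gpg's form.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# check_status PINNED_FPR   (reads gpg --status-fd lines on stdin)
# Returns 0 only if a VALIDSIG line carries the pinned fingerprint (as the
# signing key or as the primary key) and no failure status was reported.
# Returns 2 if the pin is not a full 40-hex fingerprint (short key IDs
# are too easy to collide to be used as a pin).
check_status() {
    pin=$(norm_fpr "$1")
    [ "${#pin}" -eq 40 ] || { echo "pin must be a full fingerprint" >&2; return 2; }
    awk -v pin="$pin" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing key fingerprint, and the last
        # field is the primary key fingerprint.
        $2 == "VALIDSIG" && (toupper($3) == pin || toupper($NF) == pin) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_pinned PINNED_FPR SIGFILE DATAFILE   (needs gpg and the imported key)
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed sample of the status lines gpg emits for a good signature;
# the timestamp and algorithm fields are made up for illustration.
sample_status() {
cat <<'EOF'
[GNUPG:] GOODSIG FECD6F3F08B0A90B PuTTY Releases (DSA)
[GNUPG:] VALIDSIG 00B1100938E698006518F0ABFECD6F3F08B0A90B 2013-08-06 1375809689 0 4 0 17 2 00 00B1100938E698006518F0ABFECD6F3F08B0A90B
[GNUPG:] TRUST_UNDEFINED
EOF
}

# Demo on the constructed sample (does not call gpg).
sample_status | check_status "00B1 1009 38E6 9800 6518  F0AB FECD 6F3F 08B0 A90B" \
    && echo "signature made by the pinned key"
```

With gpg installed and the key imported, the call would be verify_pinned "<fingerprint>" putty.exe.DSA putty.exe, where the fingerprint comes from a source other than the download itself.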