Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    NSA shares zero-trust guidance to limit adversaries on the network

Featured Deal: Enjoy quick, compatible data transfers with this $59.99 portable SSD

Latest Buyer's Guide:    Hotspot Shield VPN review

Generic User Avatar

Does GPG check file integrity?

Started by Edward549 , May 05 2022 08:26 AM

  • Please log in to reply
2 replies to this topic

#1 Edward549

Edward549

  • Avatar image
  • Members
  • 16 posts
  • OFFLINE
    •  
  • Local time:06:10 AM

Posted 05 May 2022 - 08:26 AM

Hi,

 

 

I was under the impression that GPG checked that a file was not altered.


I see in this video

https://www.youtube.com/watch?v=DVUy-t8QSgY

at about 6:05 what seems to be a file being changed and still getting a "good" result.
How can you tell if this is happening on a received file?


Later it shows another method where the file is changed and GPG gives a "bad" result, how would you know if a downloaded file was being checked for integrity or not with GnuPG/GPG4WIN etc?

 

 

 

Many thanks

P.S. I would be checking downloaded files using Windows 10.


Edited by Edward549, 05 May 2022 - 08:33 AM.

BC AdBot (Login to Remove)

 

#2 1PW

1PW

  • Avatar image
  • Members
  • 460 posts
  • OFFLINE
    •  
  • Gender:Not Telling
  • Location:North of the 38th parallel.
  • Local time:09:10 PM

Posted 05 May 2022 - 09:19 AM

Hello @Edward545

 

Although many would believe it's "splitting hairs", respectfully, we may wish to differentiate between authenticity and integrity. But, that could be a separate discussion.

 

Only if the unknown file in question has an associated armored ASCII file (.asc file) then an authentication check could optionally be undertaken. Otherwise, GPG would not be able to verify authenticity.

 

If the unknown file in question can be associated with some kind of a checksum/cryptographic digest/hash, then file integrity could be undertaken. Think VirusTotal.com or a SHA-256 (or equivalent) comparison.

 

Yet that's another subject for another discussion is digitally signed/countersigned files and think x.509 certificates, etc.

 

HTH


Edited by 1PW, 05 May 2022 - 09:39 AM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus. https://forums.malwarebytes.com/profile/17252-1pw/

#3 Edward549

Edward549
  • Topic Starter

  • Avatar image
  • Members
  • 16 posts
  • OFFLINE
    •  
  • Local time:06:10 AM

Posted 06 May 2022 - 07:40 PM

1PW, Thank you for your fast answer and helpful information. I feel that added clarity to what GPG can do.


Back to Encryption Methods and Programs


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Encryption Methods and Programs
  4. Privacy Policy
  5. Rules ·