Posted on Leave a comment

Email Encryption – Update GPG4Win

To encrypt emails, and maybe also files on the local harddisk, GPG (the GNU Privacy Guard) is the Open PGP tool of choice. And keeping applications up to date is safety relevant and important, especially for security related applications, so let’s cut the cake and get to it and let’s update GPG4win, the Windows variant, to the latest version.

1. Download the new version of the tool.
Select the donation amount you like and click on the blue Download button.
(a click on the image will open a new window/tab with the download page of GPG4WIN.)

2. Next, validate the downloaded is untempered and authentic.
To do this, click the red coloured text “OpenPGP signatures and source code packages” right under the Download button. This will bring up the page that amongst other information also contains the SHA256 signature checksum for the downloaded file.

A right-click on the downloaded file in the file explorer opens the contextual menu.
Click on the SHA-256 item in the CRC SHA menu to calculate the SHA-256 checksum of the downloaded file and compare the calculated hex-number with the one shown on the download webpage. A little re-arrangement of the windows may be required to be able to see both numbers at the same time.
Both numbers shall be identical.

If for some reason the calculated number and the one shown on the webpage differ, then the file in your local download folder is not the same as the one you intended to download. There may be various reasons for this, however, important is only to NOT install this file if there’s any doubt about it’s authenticity. Better check if the correct numbers are compared and the right file was downloaded and rather attempt to re-download the file again and double check the webpage address, etc.

After the signature checksum validation also let the virus scanner check the downloaded file. Right click to open the contextual menu then select either Scan with Windows Defender … or Scan with Malwarebytes or your preferred Anti-Virus software.
Once this is completed without any warnings or errors it shall be safe to install the downloaded file.

3. Installation
Double-click on the downloaded file in the file explorer to start the installation process.

Select the components to install or rather update. The pre-selection should already fit as it is derived from the current installed version. Check the installation directory and adapt in case a custom location is to be used. After the installation is completed, a reboot is required. Save any open work and close other applications and click Finish to reboot.

4. Check the results
Note, the application can be found under GPA (GNU Privacy Assistant) which may be a new name depending on what version was used previously and Kleopatra.
Start Thunderbird to see if emails still work as expected and maybe try sending an encrypted email to yourself as a test.

Congratulations, GPG4win is now up to date again.

Leave a Reply