Page MenuHome GnuPG

Extend Authenticode signatures to more (all) Gpg4win binaries and libraries
Open, NormalPublic


If an organisation requires all binary code on a windows installation to be verified,
they can make it mandatory that only signed dlls or executable are run by Windows.

Thus it is an advantage if all Gpg4win binary code object are signed with Authenticode.
(A workaround maybe Filehash based policies.)

This is related to T2227 where signing of GpgOL was wished for.


Some binary objects are already signed like

C:\Program Files (x86)\GnuPG\bin\zlib1.dll
C:\Program Files (x86)\GnuPG\bin\scdaemon.exe

another 125 files in Gpg4win 4.0.0 are not signed, (looked for with Get-AuthenticodeSignature) like

"C:\Program Files (x86)\Gpg4win\bin\md5sum.exe","NotSigned","None",,
"C:\Program Files (x86)\Gpg4win\bin\libwinpthread-1.dll","NotSigned","None",,

Would need to be included into the signing process of the packageing,
so it is done each time.

The principal mechanism should be in place (using Windows openssh capabilities), if I've understood @werner correctly.

Revisions and Commits