Answered

Signature/Hash Info for Downloads

Could you provide hashes for your downloads (prefer SHA3); or even better the public key (pgp) of your signature; or both;

By the way it seams to expire Feb 17. 2014! So you have 1 month to get a new one ;-)

Best Answer
photo

Why you need it? You can simple check signature validity and file integrity in signature tab of file properties windows.

All signed files stay signed after February 17.

Leave a Comment

Comments (2)

photo
1

Why you need it? You can simple check signature validity and file integrity in signature tab of file properties windows.

All signed files stay signed after February 17.

photo
1

I know that. It's maybe my personal paranoia, but having at least some kind of hash/crc/fingerprint/pk directly on the vendors HP itself is a thing i will always appreciate. Signature verification does more or less always require a third-party (Signature-Authority); look at most of the bigger OpenSource projects (i know yours is not OpenSource) but i guess it would not hurt either. And since your application is about financial transaction, that at least in my view a highly sensitve subject, i would feel better about it.