GnuPG: Decryption and verifying signatures
The GPG4Win package for Windows contains a small utility program called GpgEX, which facilitates file management using GnuPG considerably. By using the program you can encrypt, sign, decrypt, check signatures and calculate checksums for files.
GpgEX also requires that either Kleopatra or GPA, programs providing a graphical user interface for GnuPG, is installed on the computer. Kleopatra is the better choice, because GPA does not support all functions provided by GpgEX.
Decryption and verifying signatures
In the folder, select the file (or files) that you want to decrypt or whose signatures you want to verify. If the sender has sent you the encrypted data and the signature in separate files, you can also verify the signature and decrypt the data separately. First, select the signature. Right-click on the file, and select the desired command in the menu. GpgEX can usually identify the encrypted and/or signed file and offers the correct command (Decrypt and verify).
Next, the program asks you for more information in order to execute the command.
- If in the previous step you selected verifying a signature in a separate file, ensure that Input file is a detached signature (1) is checked and that the Signed data field (2) contains the signed file.
- If you are decrypting files and wish to place the decrypted files in a certain folder, enter the folder path in Output folder (3).
- Click Decrypt/Verify (4).
If everything is in order, the program notifies that it has decrypted the files and/or verified the signature.
However, it is worth noting that the Kleopatra utility program, which executes the task, is very specific regarding key validity. Kleopatra easily gives you the notification Not enough information to check signature validity if there are not enough members in the trust network for the signer's key. In this case, it is worth clicking Show details in the results window in order to see if the signature is technically intact. If everything is in order, the program tells you this on the line Signed on ... .