If they are the same, check the box I have verified the fingerprint, click Next and Certify. Enter your passphrase to use your private key to sign TrueCrypt's key. Now, to verify the binary signature, go to File > Decrypt/Verify files. and choose TrueCrypt Setup 7.1a.exe.sig that you downloaded before. The signed data field should point to the binary to verify ( TrueCrypt Setup 7.1a.exe). Click Decrypt/Verify: You should see a nice green label saying the signature is valid. This means that the TrueCrypt Setup 7.1a.exe file you downloaded is what TrueCrypt Foundation provides on their website and you downloaded that exact binary, as long as you trust their public key you downloaded over HTTPS.Ĭhecking the X.509 signature is more trivial: Right click on the executable, go to Digital Signatures. Select TrueCrypt Foundation in the list, click on Details. You should see This digital signature is OK. 
Now, you can trust this binary if you trust VerySign, a popular certificate authority, and its public key that is embedded in your OS. In the sources, the Readme file specifies the following list of software to have on your system in order to compile TrueCrypt: Now we are pretty sure that we are in possession of the official binaries to be compared to our build.
Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible).
0 kommentar(er)
