<noinclude>
{{Header}}
</noinclude>== Install SignTools ==

[https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe SignTools] is a Windows command-line tool that uses [https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode Authenticode] to digitally sign files and verify both signatures in files and timestamp files. SignTool is available as part of [https://en.wikipedia.org/wiki/Microsoft_Windows_SDK Microsoft Windows SDK], which can be installed in just a few easy steps.

{{Box|text=
'''1.''' Download the latest version of the SDK for the most recent stable version of Windows from the [https://developer.microsoft.com/en-us/windows/downloads/sdk-archive Windows SDK and emulator archive]. Make sure to select "Install SDK".

'''2.''' Double-click the downloaded file. There's no need to change the default installation path. Click "Next".

'''Figure:''' ''Installation Path''

[[File:SDK1.jpg|800px]]

'''3.''' There's no need to enable Microsoft Insights collection, so select "No" and then click "Next".

'''Figure:''' ''Windows Kits Privacy''

[[File:SDK2.jpg|800px]]

'''4.''' Install the necessary SDK package.

The Windows SDK installer provides a number of different packages that can be installed. The only package needed for <code>gpg4win</code> verification is <i>Windows SDK Signing Tools for Desktop Apps</i> (SignTools). Choose it then press on "Install".

'''Figure:''' ''Select SignTools Package''

[[File:SDK3.jpg|800px]]

'''5.''' Once the installation is complete, close the installer.

'''Figure:''' ''Installation completed''

[[File:SDK4.jpg|800px]]

}}

== Download and Verify Gpg4win ==
<code>SignTool</code> can be used to verify the authenticity of the <code>gpg4win</code> package itself.

<u>Note</u>: To simplify the SignTool verification process, be sure to download the <code>gpg4win</code> package to the Downloads directory.

{{Box|text=
'''1.''' Download the <code>gpg4win</code> package.

* Navigate to https://gpg4win.org/
* Download the latest version of <code>gpg4win</code>. 

At the time of writing <code>gpg4win-4.3.1.exe</code> was the latest version.

'''2.''' Verify the <code>gpg4win</code> package by running SignTool from the command prompt.

Now you need to manually locate <code>signtool.exe</code> and run it as a normal <code>*.exe</code> file. You will need to provide a path to your <code>gpg4win-latest.exe</code> file. Open PowerShell then add the following:

Notes: 

* Replace <code>[username]</code> with your computer's username; the uploaded image uses "techy" as an example.
* Replace gpg4win-<code>[version number]</code>.exe with the version of the downloaded gpg4win file.. 

<code>& "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe" verify /pa "C:\Users\[username]\Downloads\gpg4win-[version number].exe"</code>.

[[File:SDK5-2.jpg]]

{{mbox
| image   = [[File:Ambox_warning_pn.svg.png|40px]]
| text    = '''Warning:''' If verification fails, delete the <code>gpg4win</code> package and repeat the download and verification process again.
}}

If verification passes, then you are ready to trust and install gpg using this file, i.e., <code>gpg4win-latest.exe</code>.

}}<noinclude>
{{Footer}}
</noinclude>