The Verify Integrity tab, a part of the System Safety tab, checks whether the integrity of a binary data file (usually *.zip or *.exe) was compromised, that is, whether the file was modified. It verifies the file against the signature or checksum (hash) that is provided in a separate text file (usually *.sig or *.asc).
The operation can do several things:
- When you enter a file, the corresponding integrity file is looked up by first appending one of these extensions to the pathname and then replacing the existing extension with it: '.sig', '.txt', '.hsh' or '.asc'.
- In the case of a PGP signature, the *.sig file is expected either to contain a block starting with "-----BEGIN PGP SIGNATURE-----" or to contain the binary signature directly. Mighty Desktop then searches for gpg.exe (a part of the free GnuPG package) by consulting the PATH environment variable (see tab 'Environment Set') and, if it is not found there, in the default installation folders of gpg. gpg is then passed the two files to perform the verification. Note that verifying a signature requires the public key of the signatory. If gpg reports "Signature can't be checked: No public key found", you have to import the public key of the creator of the data file into your machine's gpg keystore with the button "Import Keys" (see chapter below).
- If the signature file is a text file that contains a line like "SHA256: AABBCC..." with a hash value 'AABBCC..', Mighty Desktop compares that value with the hash of the data file, either by scanning the file immediately or, if the data file is bigger than the threshold, by adding a File Scanner process to the Process Queue. Mighty Desktop can even be restarted while a huge file is being scanned. Accepted format of the line:
Notes:
- You can configure which PGP program to use and how it should be called in the Settings tab.
- Mighty Desktop automatically corrects a mixed character set output of the tool (necessary for gpg).
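
The lookup and checksum comparison listed above can be reproduced by hand when you want to double-check a result. The following Python sketch is an added example, not Mighty Desktop's own code. It assumes that all appended names are tried before the replaced ones, and it parses only the "SHA256: <hex>" line form quoted above; the sample file in `demo()` is constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

EXTS = (".sig", ".txt", ".hsh", ".asc")  # extensions and order as listed above
PGP_MARK = b"-----BEGIN PGP SIGNATURE-----"
# Assumption: only the "SHA256: <hex>" line form quoted on the page is parsed.
HASH_LINE = re.compile(rb"^\s*SHA256:\s*([0-9A-Fa-f]{64})\s*$", re.M)

def find_integrity_file(data: Path):
    """Try appended names first (a.zip.sig), then replaced ones (a.sig)."""
    appended = [data.with_name(data.name + e) for e in EXTS]
    replaced = [data.with_suffix(e) for e in EXTS]
    for cand in appended + replaced:
        if cand != data and cand.is_file():
            return cand
    return None

def sha256_of(path: Path, chunk=1 << 20):
    """Hash in chunks so a huge file is never loaded into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check(data: Path):
    """Return 'missing', 'pgp', 'unknown', 'match' or 'mismatch'."""
    sig = find_integrity_file(data)
    if sig is None:
        return "missing"
    raw = sig.read_bytes()
    if PGP_MARK in raw:
        return "pgp"      # armored signature: pass both files to gpg --verify
    m = HASH_LINE.search(raw)
    if m is None:
        return "unknown"  # binary signature or a format not handled here
    return "match" if sha256_of(data) == m.group(1).decode().lower() else "mismatch"

def demo():
    """Constructed sample: a fake archive with a checksum file beside it."""
    with tempfile.TemporaryDirectory() as d:
        data = Path(d) / "setup.zip"
        data.write_bytes(b"constructed sample payload")
        (Path(d) / "setup.zip.txt").write_text(f"SHA256: {sha256_of(data).upper()}\n")
        before = check(data)
        data.write_bytes(b"tampered payload")  # file modified after hashing
        return before, check(data)
```

A "match" only shows that the file corresponds to the checksum file; if both were downloaded from the same place, someone who can replace one can replace the other, which is why the PGP signature path with an independently obtained public key is the stronger check.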
Importing keys
Usually you can look up the public key on the signatory's web site, or download it from a public key server using the provided functions inside the PGP key manager tools. A public key starts with the line "-----BEGIN PGP PUBLIC KEY BLOCK-----". Some key files contain multiple public and/or private keys in a sequence. These can also be imported. You can just drop a file onto the text box.
Notes:
- You can configure the command for importing keys in the Settings tab.
- Mighty Desktop automatically corrects a mixed character set output of the tool (necessary for gpg).