...
You can read more about code signing and the assurance it confers here.
http://msdn.microsoft.com/en-us/library/ie/ms537361%28v=vs.85%29.aspx
Right click on the downloaded file, and chose properties
:
Check that the file has a digital signature (if not, the digital signature tab is not present).
Select digital signatures tab.
There will be two signatures, sha1 and sha256. Having two signatures ensures complete coverage for all Windows Operating Systems:
Check the digital signatures are valid, Click details on both certificates.
Verify the code signing, confirming that the file hasn't been modified and then resigned with a certificate that resembles ours:
Click view certificate button.
Click details tab.The thumbprint for the sha1 certificate should be: bca4ffa119ef2e96a573e9d7b4aa35b832ff7161 OR
1d5389e819282db693e5a44dc50987af278c765d depending on the date of the signature
The sha256 certificate should be: 282c3f64b5f33fa789cd23660953eb5301e5e001and select the digital signatures tab.
Warning If there is no 'Digital Signatures' tab then the file is not signed and is therefore not a genuine download. Click Details and check that 'The digital signature is OK' is displayed.
Click 'View certificate' followed by the 'Details' tab.
Info To verify the the downloaded file is genuine confirm that the thumbprint matches the corresponding thumbprint in the table below
Info |
---|
Note: installers and all signed executables prior to 2021 will show two signatures. sha256 and sha1. Please check that both certificates are valid. sha1 code signing has been deprecated. See Deprecation of SHA-1 code signing for more info |
Use the table below to confirm the signature thumbprint(s)
Start | End | Hash Type | Thumbprint |
---|---|---|---|
15 Jan 2022 | 10 Feb 2025 | SHA256 | c4 4f 37 35 01 16 4e d9 a2 b4 7d a6 71 d8 7c 3c 7e 06 e1 2e |
Feb 2017 | 15 Jan 2022 | SHA256 | 28 2c 3f 64 b5 f3 3f a7 89 cd 23 66 09 53 eb 53 01 e5 e0 01 |
Feb 2017 | 31 Dec 2020 | SHA1 | bc a4 ff a1 19 ef 2e 96 a5 73 e9 d7 b4 aa 35 b8 32 ff 71 61 |