<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>

<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>

<meta name="keywords" content="encryption, security"/>

<link href="styles.css" rel="stylesheet" type="text/css" />

</head>

<body>

<div>

</div>

<div id="menu">

<ul>

<li><a href="Home.html">Home</a></li>

<li><a href="/code/">Source Code</a></li>

<li><a href="Downloads.html">Downloads</a></li>

<li><a class="active" href="Documentation.html">Documentation</a></li>

<li><a href="Donation.html">Donate</a></li>

<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>

</ul>

</div>

<div>

<p>

<a href="Documentation.html">Documentation</a>

<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

<a href="Miscellaneous.html">Miscellaneous</a>

<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">

<a href="Digital%20Signatures.html">Digital Signatures</a>

<p>PGP signatures have the following advantages, in comparison to X.509 signatures:</p>

<ul>

<li>They do not depend on any certificate authority (which might be e.g. infiltrated or controlled by an adversary, or be untrustworthy for other reasons).

</li></ul>

<h3>How to Verify X.509 Signatures</h3>

<p>Please note that X.509 signatures are currently available only for the VeraCrypt self-extracting installation packages for Windows. An X.509 digital signature is embedded in each of those files along with the digital certificate of the VeraCrypt Foundation

issued by a public certification authority. To verify the integrity and authenticity of a self-extracting installation package for Windows, follow these steps:</p>

<ol>

<li>Download the VeraCrypt self-extracting installation package. </li><li>In the Windows Explorer, click the downloaded file (&lsquo;<em>VeraCrypt Setup.exe</em>&rsquo;) with the right mouse button and select &lsquo;<em>Properties</em>&rsquo; from the context menu.

</li><li>In the <em>Properties</em> dialog window, select the &lsquo;<em>Digital Signatures</em>&rsquo; tab.

</li><li>On the &lsquo;<em>Digital Signatures</em>&rsquo; tab, in the &lsquo;<em>Signature list</em>&rsquo;, double click the line saying &quot;<em>IDRIX</em>&quot; or

<em>&quot;IDRIX SARL&quot;</em>. </li><li>The &lsquo;<em>Digital Signature Details</em>&rsquo; dialog window should appear now. If you see the following sentence at the top of the dialog window, then the integrity and authenticity of the package have been successfully verified:<br>

<br>

&quot;<em>This digital signature is OK.</em>&quot;<br>

<br>

If you do not see the above sentence, the file is very likely corrupted. Note: On some obsolete versions of Windows, some of the necessary certificates are missing, which causes the signature verification to fail.

</li></ol>

<h3 id="VerifyPGPSignature">How to Verify PGP Signatures</h3>

<p>To verify a PGP signature, follow these steps:</p>

<ol>

<br>

Note: If you skip this step and attempt to verify any of our PGP signatures, you will receive an error message stating that the signing key is invalid.

<p>Under Linux, these steps can be achieved using the following commands:</p>

<ul>

</li></ul>

</div><div class="ClearBoth"></div></body></html>