Lets do checksum instead. I will show you how to do it manually since you both already have PGP downloaded. This is super easy method to visually verify that you download is valid. Also, you can use this method with any other website that provides checksum info.
- Download Daedalus package.
- Go to the folder that package downloaded. (For me it’s downloads folder)
- Right click on the downloaded file
- From the popup menu choose “More GpgEX options”
- Another menu will expand on the side. From that menu choose “Create checksum”
- You will see Kleopatra window pop up and in a few seconds it will say that the checksum files were created and it will show the path to the file. Text file name is ‘Sha256Sum’ . Usually it will be right next to your downloaded file. It will look like this:
- Open the file (you can just use Note Pad to open it). Inside you will see checksum created by Klopatra and the path to the file.
8. Now go to Daedalus page where you downloaded the file from and click that clipboard icon to copy checksum provided by website.
9. Go back to Sha256Sum text document that is open in your Notepad and paste checksum you got from the Daedalus website directly below checksum provided by Kleopatra.
10. Now you can visually check if both numbers are the same. If they are the same then file wasn’t modified or corrupted and downloaded file is safe to use. Open file and install.
If numbers differ, then erase the file, check if you are on real Daedalus page. Or try to reach the page trough official websites (such as links in Cardano.org).
There are many other ways to check using CMD, certutil, other apps… however this is the only way that will be easy for techies or non-techies and is not dependent on anything else other than the tools you already have.
Also, you can use this technique on any download as long as the source provides checksum. So, if you ever wondered if that google app store app was legit, here is a way to check.
Hope this helps