GnuPG/PGP Signatures


New Member
I searched the Heidi web site but could not find a PGP public key. I thought I had read that old copies of Eraser were signed.

Is this something that will be done for the final 5.8 or future 5.8 betas?

I am sure, as popular as Eraser is, there could be "fake" versions.

It just seems wise for Heidi to have a corporate public key.


New Member
I, too, would be much more comfortable if a PGP signature file of the latest Eraser installer was available online. Or at a minimum, a SHA1 or MD5 digest of the installer, hosted on a site other than SourceForge. This will greatly hinder a malicious attacker from replacing the Eraser installer with one that installs a Trojan horse.

Most open source, security-oriented software follows this practice, including GPG and OpenSSH. If Eraser is to be considered serious about security, I think the author should consider following their lead.

Apologies if this is already being done, and I've just overlooked the information.



Staff member
The install is already digitally signed with our own root cert.



New Member
Hi Garrett,

Are you referring to Authenticode? If so, I don't see a "Digital Signatures" tab when I view the properties of eraser582setup.exe in Windows Explorer.

If you're referring to a PGP/GPG .sig file, where can I download it for version 5.82?

Thank you.