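:: gpgsha.cmd 1.1.0 15-08-2020
::
:: Windows command script that verifies the SHA256 hash of a file in the current
:: directory, provided the hash and name of that file are listed in a file
:: called hashes.asc, also present in that directory.
:: When called with arguments, it acts as a link to the gpg executable, in case
:: this is installed in the usual location (see below).
::
:: Trust note: "hash good" only means the file matches the digest written in
:: hashes.asc. This script does not check the signature on hashes.asc itself,
:: so verify that first (for example: gpgsha --verify hashes.asc) and rely on
:: the hash results only if the signature is good and from the expected key.
::
:: Exit code: in verification mode, 1 if any listed file fails the comparison,
:: otherwise 0. In pass-through mode, whatever gpg returned.
::
:: Limitations: the file name is taken as the second space-separated token of
:: a line, so names containing spaces are not supported. Names containing "!"
:: are altered by delayed expansion and will not match.
::
@echo off

:: "%~1" strips surrounding quotes, so a quoted first argument containing
:: spaces does not break the comparison. The goto form keeps %* out of a
:: parenthesised block, where a ")" in an argument would end the block early.
if "%~1" == "" goto verify
"C:\Program Files (x86)\gnupg\bin\gpg.exe" %*
exit /b

:verify
SetLocal EnableDelayedExpansion
set bad=0

:: Each usable line of hashes.asc has the form "<sha256-hex> <file-name>".
:: Skipped: lines whose first token is "#", lines without a second token,
:: lines starting with "-" (such as the armor markers of a clearsigned file)
:: and lines starting with "Hash:". Listed files that do not exist in the
:: current directory are skipped without a message.
for /f "tokens=1,2 delims= " %%a in (hashes.asc) do (
  set "H=%%a"
  if not "%%a" == "#" (
    if not "%%b" == "" (
      if not "!H:~0,1!" == "-" (
        if /i not "!H:~0,5!" == "hash:" (
          if exist "%%b" (
            set "r="
            rem certutil prints a header and a status line that both contain
            rem "hash"; find /v drops them and leaves the digest line. The
            rem inner loop joins the digest if it is printed in
            rem space-separated pieces.
            for /f "tokens=* delims= " %%i in ('certutil -hashfile "%%b" SHA256 ^| find /i /v "hash"') do (
              for %%z in (%%i) do set "r=!r!%%z"
            )
            rem Hex digests are compared case-insensitively, so an upper-case
            rem digest in hashes.asc is not reported as a mismatch.
            if /i "!r!" == "%%a" (
              echo %%b SHA256 hash good
            ) else (
              echo %%b SHA256 hash BAD
              set bad=1
            )
          )
        )
      )
    )
  )
)

:: %bad% is expanded when this line is parsed, before EndLocal discards it.
EndLocal & exit /b %bad%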