The Section 2.4.2, “Signature Checking Using GnuPG” section describes
how to verify MySQL downloads using GPG. That guide also applies
to Microsoft Windows, but another option is to use a GUI tool
like Gpg4win. You
may use a different tool but our examples are based on Gpg4win,
and utilize its bundled
Download and install Gpg4win, load Kleopatra, and add the MySQL Release Engineering certificate. Do this by clicking, . Type "Mysql Release Engineering" into the search box and press .
Select the "MySQL Release Engineering" certificate. The Key-ID must reference "3A79 BD29", or choose Imported Certificates tab.to confirm the certificate is valid. Now, import it by clicking . When the import dialog is displayed, choose , and this certificate should now be listed under the
Next, grant trust to the certificate. Select our certificate, then from the main menu select, , and click .
Next, verify the downloaded MySQL package file. This requires
files for both the packaged file, and the signature. The
signature file must have the same name as the packaged file but
with an appended
.asc extension, as shown
by the example in the following table. The signature is linked
to on the downloads page for each MySQL product. You must create
.asc file with this signature.
Table 2.2 MySQL Package and Signature Files for MySQL Server MSI for Microsoft Windows
Make sure that both files are stored in the same directory and
then run the following command to verify the signature for the
distribution file. Load the dialog from
The two most common results look like the following figures; and although the "The data could not be verified." warning looks problematic, the file check passed with success. For additional information on what this warning means, click Show Audit Log and compare it to Section 2.4.2, “Signature Checking Using GnuPG”. You may now execute the MSI file.
Seeing an error such as Verification failed: No Data. means the file is invalid. Do not execute the MSI file if you see this error.