github fcorbelli/zpaqfranz 64.8
Windows 32/64 bit executables and source code
on GitHub

6 hours ago

Updated Update/Upgrade

The update/upgrade process has been redesigned.

It now downloads and verifies .p7m files (the same mechanism has been, or is being, adopted by Catpaq) containing the SHA-256 hashes of the main executables:

  • zpaqfranz.exe
  • zpaqfranzhw.exe
  • zpaqfranz32.exe

The .p7m files are digitally signed and should produce an output similar to: 

Verifying digital signature (.p7m)...
Digital signature OK (CF CRBFNC72T25H294X)

The displayed code (CRBFNC72T25H294X) is the unique Italian Tax Code (Codice Fiscale) of the signer (aka: me :smile )

You can quickly verify the signature online using:

https://www.francocorbelli.it/catpaq/verify.php?url=https://www.francocorbelli.it/zpaqfranz/win64/zpaqfranz.sha256.p7m

The source code of verify.php is available here:

https://github.com/fcorbelli/catpaq/blob/main/verify.php

This online verification is convenient, but it is not the highest level of verification available on Windows.

For maximum assurance, use: 

zpaqfranz update -paranoid

Then upload the downloaded .p7m file to:

https://vol.ca.notariato.it/it

This is the official verification service provided by the Italian National Council of Notaries.

If an antivirus engine or an online scanning service (such as VirusTotal) reports something suspicious, you can independently verify that the published hashes were digitally signed by the expected author (aka: me 😸 )

About .p7m signatures (for non Italians)

A .p7m file is a CMS/PKCS#7 digitally signed document.
Something like a "zip" file that incapsulate the original data.
In Italy it is the standard format used for legally recognized digital signatures issued through qualified certificates. It guarantees the authenticity of the signer, the integrity of the signed content, and allows anyone to verify that the file has not been modified after signing.
The verification process, however, is more complex because it involves checking not only whether a certificate exists, but also its validity period, whether it has been revoked, and so on. Therefore, zpaqfranz (and catpaq) use a simplified mechanism that protects against file corruption BUT NOT against stolen certificates, for example.

In such cases, an official 3rd party website that uses a more complex procedure is required.

Environment variables for passwords

The -key and -franzen passwords can now be supplied through the FRANZKEY and FRANZFRANZEN environment variables.

Improved DLL build

The DLL build process has been improved.

Minor fixes

Various minor fixes and improvements.

Improved output redirection

Output redirection handling has been improved.

Download zpaqfranz

Check out latest releases or
releases around fcorbelli/zpaqfranz 64.8

Don't miss a new zpaqfranz release

NewReleases is sending notifications on new releases.

Get notifications