Hello again, this is in reply to your earlier entry.
Many questions, but I’ll try to keep it short:
“The first time you start AxCrypt a real email address is required. Click help for more information” – If you’re off line when starting the first time, the only requirement is an email address that looks real, i.e. has the correct form. There’s no requirement to be online at any time to use AxCrypt.
“Verify that the download is undamaged and authentic by checking the digital signature” – No, we don’t need to publish any hashes, or verify the fingerprint of the certificate. That’s not relevant for Authenticode signatures, which use the PKI builtin your PC. That’s the way these certificates and signatures work. These are not PGP signatures with a weak “web of trust”. We’ve paid real money for the certificate authority to comply with manufacturer guidelines, and to verify that we are who we say we are and that your system has a trusted root certificate so you can trust ours.
“AxCrypt don’t have an SSL certificate on the main website” – You’re right for just the reasons you specify, and we will fix that. It’s on our to-do list, almost but not quite at the top!