
how to download via https?

Topics: Technical Issues
Nov 8, 2016 at 6:04 PM
Hi, no matter how hard I try, the VeraCrypt setup download is always redirected to an HTTP-only download, even the sig file, which can be "patched" by an evil ISP, a malicious Tor exit node owner, or simply anyone along the route, so I don't know if I have a compromised download or a genuine one. Because downloads are always from different servers (not veracrypt.codeplex.com), how can I know the link is genuine? Any HTTP link can be easily redirected to a malicious web page. On SourceForge there are HTTP-only downloads too.

I can grab the link and replace http with https manually on the msft site (http -> https://download-codeplex.sec.s-msft.com/...), but I don't know if it is the correct path. And on SourceForge this does not work at all. This is not cool.

I see this as a big security hole. What is the safe way to download VeraCrypt? Thanks.
Coordinator
Nov 18, 2016 at 3:05 PM
The official page to get secure links for downloads is https://veracrypt.codeplex.com/wikipage?title=Downloads (this link is present on the home page).

Otherwise, you can get the installers from Bitbucket (https://bitbucket.org/veracrypt/veracrypt/downloads) or Launchpad (https://launchpad.net/veracrypt/+download) where download links are HTTPS by default.
Marked as answer by testoslav on 12/10/2016 at 5:09 AM
Nov 20, 2016 at 3:25 PM
Thank you, good to know these locations.
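
The redirect-to-HTTP problem raised in the first post can also be caught on the client side. The following is an added example, not part of the thread and not VeraCrypt project code: a Python downloader that refuses to start from, or be redirected to, any URL that is not HTTPS. The class and function names are hypothetical.

```python
import shutil
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def is_https(url):
    """True only for absolute https:// URLs."""
    return urlsplit(url).scheme.lower() == "https"


class HttpsOnlyRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Replaces urllib's default redirect handler and rejects downgrades.

    urllib calls redirect_request() for every 3xx response before it
    follows the Location header, so this is the single place where an
    https -> http hop (e.g. to a download mirror) can be stopped.
    """

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not is_https(newurl):
            raise urllib.error.URLError(
                f"refusing redirect from {req.full_url} to non-HTTPS {newurl}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def download_https_only(url, dest, timeout=30):
    """Fetch url to dest; every hop must be HTTPS with a valid certificate."""
    if not is_https(url):
        raise ValueError(f"start URL is not HTTPS: {url}")
    # Passing a subclass of a default handler makes build_opener() use it
    # instead of the stock HTTPRedirectHandler.
    opener = urllib.request.build_opener(HttpsOnlyRedirectHandler)
    with opener.open(url, timeout=timeout) as resp, open(dest, "wb") as out:
        shutil.copyfileobj(resp, out)
    return dest
```

This only protects the transfer; checking the installer against its signature file is still a separate step.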