After we download the Boxcryptor installation file, how may we verify it has the correct PGP signature, and where may we find the public key for Boxcryptor's developer who signs the file?
You can check the .msi file by going to the "Properties" and then select the tab "Digital Signatures". See screenshot.
Yasmin Thank you for your reply on how to verify the developer signature in a .msi file on Windows. How to do this with a .dmg file on macOS?
The .dmg file is verified by Gatekeeper.
You can check the .app when you mount the .dmg with (in Terminal) for instance:
codesign -dv --verbose=4 /Volumes/Boxcryptor\ Installer/Boxcryptor.app