Good day,
Are already delivered with it to make deployment in unsafe/uncontrolled enviroments easier.
I see.
Ok. My initial concept was actually meant to automate that step to (i.e. bundle GPG with the signature for the installer, run it in the background and hand over to the installer once it received the go-ahead) since most “Windows-users” aren’t really used to doing things like it. That’s why I am slightly anxious about whether an attacker might have the capabilities of changing this “verification-part” on the fly…
Maybe a good idea would be to, rather than bundle the verification and the installer together, thus making manipluation of both easier, delivering the two seperatley, while still being smpler than doing it yourself. What I mean by this is the following: The user first downloads the installer as usual. He then downloads a second, seperate .exe. This .exe would have to be put in the same folder as the “Install Whonix.exe” and once executed would run a portable version of GPG with the signed and verificated keys already bundled. It then outputs “OK!” or “File corrupted! Download again” giving the user a tangible and simple way to verify the installer.
For now however, I feel like I should finish designing the “UI/Launcher/whatever”. Will technically likely still use this old, functional code as a base though with a (slightly) better appearance: Creating a custom UI for VBox the fast way - Whonix Windows GUI - #3 by Ego
Sure.
Can no be downloaded from here: MEGA Sadly, like mentioned above, Github decided to time out.
Have a nice day,
Ego