Probably a user error, I’ve gone through all the old threads on this subject and googled a bunch of different help articles to no avail. Would appreciate some assistance, thanks!
I’ve downloaded the Workstation and Gateway (Easy) about 4 separate times, and once over Tor through the onion link. Between each attempt and subsequent delete of the files, I’ve rebooted my computer. Here is the message I’ve gotten every time:
gpg --verify-options show-notations --verify Whonix-Workstation-.ova.asc Whonix-Workstation-.ova
gpg: Signature made 11/16/1 11:12:18 Eastern Standard Time using RSA key ID 77BB3C48
gpg: BAD signature from “Patrick Schleizer adrelanos@riseup.net” [unknown]
And the same for the Gateway. This is my first foray into this type of thing. I’ve added the signature into my keyring and tried verifying it through GNU Privacy Assistant, still tells me it’s bad.
Thank you in advance.
(Edit: there are asterisks in between the - and .ova … It’s just changing into italics here I guess.)
I’m having the same problems rclem is. I’ve exhausted my options searching google, reading forums. I keep coming back to this particular thread.
Here is what my terminal readout is…
shjen@ubuntu:~/Downloads$ gpg --verify-options show-notations --verify Whonix-Gateway-.ova.asc
Whonix-Gateway-.ova
gpg: Signature made Mon 16 Nov 2015 07:36:59 AM PST using RSA key ID 77BB3C48
gpg: Good signature from “Patrick Schleizer adrelanos@riseup.net”
gpg: Signature notation: issuer-fpr@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Signature notation: file@name=Whonix-Gateway-12.0.0.3.2.ova
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
This is showing that the Gateway is finding the signature fine, and is working…however, I keep getting this message, claiming a BAD Signature.
shjen@ubuntu:~/Downloads$ gpg --verify-options show-notations --verify Whonix-Workstation-.ova.asc
Whonix-Workstation-.ova
gpg: Signature made Mon 16 Nov 2015 08:12:18 AM PST using RSA key ID 77BB3C48
gpg: BAD signature from “Patrick Schleizer adrelanos@riseup.net”