Hello,
when i trie to verify the iso Whonix-Workstation-9.3.ova with the Whonix-Workstation-9.3.ova.asc signature il get an error that the image/iso is signed with an not known certifcat – > Signed on 2014-10.17 16:36 0x6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
(used software to check signature Kleopatra)
If im correct the finger print from patrics pgp is gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA this so i should see his fingerprint ?
(I imported the puplic key patrick.asc, which every Whonix version should be signed)
My fault its a virtualmachin container.
The solution:
use linux, debian based distrio:
gpg --import patrick.asc
gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
The output should look like this:
pub 4096R/2EEACCDA 2014-01-16 [expires: 2016-10-05]
Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
uid Patrick Schleizer adrelanos@riseup.net
sub 4096R/CE998547 2014-01-16 [expires: 2016-10-05]
sub 4096R/119B3FD6 2014-01-16 [expires: 2016-10-05]
sub 4096R/77BB3C48 2014-01-16 [expires: 2016-10-05]
gpg --verify Whonix-Workstation-9.3.ova.asc
now you get as a result a good signature or a bad one
rolento