Iso verification


when i trie to verify the iso Whonix-Workstation-9.3.ova with the Whonix-Workstation-9.3.ova.asc signature il get an error that the image/iso is signed with an not known certifcat – > Signed on 2014-10.17 16:36 0x6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48

(used software to check signature Kleopatra)

If im correct the finger print from patrics pgp is gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA this so i should see his fingerprint ?
(I imported the puplic key patrick.asc, which every Whonix version should be signed)

  1. We don’t provide iso’s yet.

  2. Kleopatra has a bug. It’s documented here:
    Verify Whonix ™ Virtual Machine Images in Windows

My fault its a virtualmachin container.
The solution:

use linux, debian based distrio:

gpg --import patrick.asc

gpg --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

The output should look like this:

pub 4096R/2EEACCDA 2014-01-16 [expires: 2016-10-05]
Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
uid Patrick Schleizer
sub 4096R/CE998547 2014-01-16 [expires: 2016-10-05]
sub 4096R/119B3FD6 2014-01-16 [expires: 2016-10-05]
sub 4096R/77BB3C48 2014-01-16 [expires: 2016-10-05]

gpg --verify Whonix-Workstation-9.3.ova.asc

now you get as a result a good signature or a bad one