merke
1
downloaded all sha512sum fles from here
gpg --verify xxx.sig Whonix-XFCE-16.0.3.7.Intel_AMD64.qcow2.libvirt.xz
output= no openpgp data found
gpg --verify Whonix-XFCE-16.0.3.7.sha512sums.asc Whonix-XFCE-16.0.3.7.sha512sums
output = correct signature
how to use sha512sums.sig ?
That is for signify
. Introduction:
(Whonix is based on Kicksecure.)
More specific instructions:
https://www.whonix.org/wiki/Verify_the_virtual_machine_images#Signify_Signatures
But at time of writing, using signify for Whonix KVM is undocumented as far as I know.