sha512sums signify

Support
1

downloaded all sha512sum fles from here

gpg --verify xxx.sig Whonix-XFCE-16.0.3.7.Intel_AMD64.qcow2.libvirt.xz

output= no openpgp data found

gpg --verify Whonix-XFCE-16.0.3.7.sha512sums.asc Whonix-XFCE-16.0.3.7.sha512sums
output = correct signature

how to use sha512sums.sig ?

2

That is for signify. Introduction:

(Whonix is based on Kicksecure.)

More specific instructions:
https://www.whonix.org/wiki/Verify_the_virtual_machine_images#Signify_Signatures

But at time of writing, using signify for Whonix KVM is undocumented as far as I know.