I am using Fedora 22 newly updated. I use the KVM manager “Virtual Machine Manager 1.2.1”. I never get as far as running the VM.
I downloaded the torrent files for both the workstation and gateway version 18.104.22.168.0 from whonix.org. The signature for the gateway torrent works OK. The signature for the workstation fails.
gpg --verify Whonix-Gateway-22.214.171.124.0.libvirt.xz.torrent.asc Whonix-Gateway-126.96.36.199.0.libvirt.xz.torrent
gpg: Signature made Tue 16 Jun 2015 04:03:27 BDT using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer firstname.lastname@example.org"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
gpg --verify Whonix-Workstation-188.8.131.52.0.libvirt.xz.torrent.asc Whonix-Workstation-184.108.40.206.0.libvirt.xz.torrent
gpg: Signature made Tue 16 Jun 2015 04:35:41 BDT using RSA key ID 77BB3C48
gpg: BAD signature from “Patrick Schleizer email@example.com”
I managed to download both of these torrents but I don’t want to touch them because of this signature issue. Where can I find the signature for the downloaded files so I can check those?
Can someone please run this check on these files? They are tiny and download in a second. The files are here
You run the check like this “gpg --verify Whonix-Workstation-220.127.116.11.0.libvirt.xz.torrent.asc Whonix-Workstation-18.104.22.168.0.libvirt.xz.torrent”