Whonix 17 for VirtualBox signature verification failure

I’ve downloaded 4 times from different sources (xfce ova version), the signature doesn’t match, maybe it got corrupted when uploading the ova, could you please check?

Thank you so much.

I cannot reproduce this.

Tested:

gpg --verify Whonix-Xfce-17.0.3.0.ova.asc
gpg: assuming signed data in 'Whonix-Xfce-17.0.3.0.ova'
gpg: Signature made Mon 10 Jul 2023 11:23:27 PM UTC
gpg:                using RSA key 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@kicksecure.com>" [unknown]
gpg:                 aka "Patrick Schleizer <adrelanos@riseup.net>" [unknown]
gpg:                 aka "Patrick Schleizer <adrelanos@whonix.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC  7A2A 8D66 066A 2EEA CCDA
     Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30  AFA1 CB8D 50BB 77BB 3C48

Verified on server and verified after downloading it myself.

I have downloaded the ova again and this time it has matched me. Apparently the previous downloads were downloaded wrong.

Thanks for everything.

2 Likes