Good morning I bought a new computer. I immediately wanted to see if it would
turn on Whonix. Out of excitement, I downloaded the Whonix-XFCE-16.0.9.8.ova
without checking the signature. I know, I know - I’m ashamed of it.
Additionally, after turning it on, I had a problem with the Tor browser.
It was only the next day after importing Whonix-XFCE-16.0.9.8.ova to Virtualbox
again that the browser started working. I wanted to check the signature of Whonix-XFCE-16.0.9.8.ova. There was already a new release on the Whonix website-Whonix-XFCE-16.1.1.5.ova and its signature. I even tried to check the signature on Whonix-XFCE-16.0.9.8.ova using Whonix-XFCE-16.1.1.5.ova.asc. The signature is displayed as incorrect
Command: gpg --verify-options show-notations --verify Whonix-.ova.asc Whonix-.ova
shows:
gpg: Signed on Tue, May 30, 2023, 6:58:31 PM CET
gpg: using a key RSA 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: INVALID signature by ‘Patrick Schleizer adrelanos@kicksecure.com’’ [unknown]
I guess the problems with the browser were related to the update of the Whonix release (they resolved themselves over time).
However, I would like to be sure that the image I downloaded was correct. Does anyone have a copy of the Whonix-XFCE-16.0.9.8.ova signature? Sorry for the confusion