Hello, reading the VPN before Tor docs page here at the whonix site I decided to try out the Bitmask vpn using the bundle version and not the package one, I’ve downloaded the .tar.gz file and it’s .asc file for the authentication,
Doing the normal “gpg --verify FILENAME_HERE.asc” I got this : “gpg : Can’t check signature: public key not found” , and I’m sure the public key is there and it’s the key they are giving to authenticate the file.
THOUGH with the “gpg --verify…” attempt it showed that the RSA key ID that have being used to sign the file does not match with the one they give you (the RSA key ID does not match with the public key they give you).
I’m not very handy with the authentications yet so THE POINT IS: DID I DO IT RIGHT and they signed the file with another key from the one they give you to check or I just did something wrong?
PS: the page that explains how to authenticate is this https://bitmask.net/en/install/signature-verification
and the page to download the bundle and it’s key (.asc) file is this: https://dl.bitmask.net/client/linux/stable/ with the 2 files being Bitmask-linux… etc.
I know it’s not strictly Whonix-Related but I had nowhere to go and I’m sure you guys know how to properly verify a signature