- It does not matter if the bulk download is done over an insecure channel if OpenPGP verification is used at the end.
- OpenPGP is a standard for data encryption that provides cryptographic privacy and authentication through the use of keys owned by its users.
This is non-ideal but required since VirtualBox in unavailable in Debian
buster-backports. And it will not become available anytime soon either. See Unavailable in Debian stable and backports due to Licensing Issues. There is a chance VirtualBox will be available from Debian fasttrack [archive], see please add VirtualBox to fasttrack [archive]. Alternatively you could
- install VirtualBox from the Oracle Repository, or
- install https://people.debian.org/~lucas/virtualbox-buster/ [archive]
On the Linux platform.
1. Read License Agreement:
vboxmanage import Whonix-XFCE-184.108.40.206.4.ova --vsys 0 --eula show --vsys 1 --eula show
vboxmanage import Whonix-XFCE-220.127.116.11.4.ova --vsys 0 --eula accept --vsys 1 --eula accept