1. Browse to https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk

• Right-click Downloading The Installer → Right-click Save → Right-click Run.

2. Set the correct path.

After the the installer finishes loading:

• Right-click Continue → choose PATH → C:\Users\<user_name>\Downloads\Windows Kits\<windows_version>\WindowsSDK → Right-click Next.

Figure: Choose SDK Installation Path

3. Install the necessary SDK package.

The Windows SDK installer provides a number of different packages that can be installed. The only package needed for gpg4win verification is Windows SDK Signing Tools for Desktop Apps (SignTools). Be mindful that earlier SDK version packages may be named differently from later SDK versions. For example, the package that contains SignTool in SDK for Windows 8.1 is named Windows Software Developmental Kit. This differs from the corresponding package in Windows 10.

Figure: Select SignTools Package

Once the box to the corresponding package is "checked", right-click Download. Once installation is complete, close the installer.

Figure: Finalized SDK Download

1. Download the gpg4win package.

• Navigate to https://files.gpg4win.org
• Scroll down and download the latest version of gpg4win and the corresponding signature. At the time of writing (August 2020) gpg4win-3.1.12.exe was the latest version.

2. Verify the gpg4win package by running SignTool from the command prompt.

To open a command prompt, in the Windows Start Menu, run.

cmd.exe

From the command prompt, change to the Downloads directory.

cd C:\Users\<your_user_name>\Downloads

Verify the gpg4win package using SignTool.

signtool verify /pa gpg4win-3-1.12.exe

The following output shows a successful gpg4win verification.

Figure: Successful Verification

It is important to check the integrity of the downloaded Whonix ™ Windows Installer to ensure that neither a man-in-the-middle attack or file corruption occurred; (see Download Security).

1. If not already completed, have GnuPG initialize your user data folder.

gpg --fingerprint

2. Download the signing key.

3. Store the key as C:\Users\<user_name>\Downloads\derivative.asc

4. Check fingerprints/owners without importing anything.

gpg --keyid-format long --with-fingerprint derivative.asc

5. Verify the output. The output should be identical to the following.

TODO

If the key was successfully imported, the following message will appear.

TODO

6. Import the key.

gpg --import derivative.asc

The output should confirm the key was imported.

TODO

Output already imported.

If the signing key was already imported in the past, the output should confirm the key is unchanged.

TODO

4. Start the cryptographic verification, which can take several minutes.

In Windows command prompt, change to the directory with the whonix-installer.exe package and corresponding signature file.

cd C:\Users\<user_name>\<directory_name>

Next, verify the Whonix ™ Windows Installer.

gpg --verify-options show-notations --verify whonix-installer.exe.asc whonix-installer.exe

If the Whonix Installer image is correct the output will tell you that the signature is good.

TODO

This might be followed by a warning saying:

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

This message does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the Whonix ™ signing key and the web of trust. To remove this warning, the Whonix ™ signing key must be personally signed with your own key.

The first line includes the signature creation timestamp. Example.

gpg: Signature made Sun 18 Aug 2019 08:31:41 PM EDT

Note: When the Whonix ™ Windows Installer is executed, the currently installed VirtualBox package -- if there is one installed on the system -- is removed and the latest VirtualBox package is installed. ^[5]

Whonix ™ can be installed by simply running whonix-installer.exe. When installation is complete, users will be greeted with the Whonix ™ GUI which can then be used to start the VMs. Keep in mind that installation could take can up to 15 minutes to complete depending on your hardware configuration.

In the folder you downloaded the Whonix ™ Windows Installer:

• Double "click" whonix-installer.exe → License agreement → "click" Install → Finish

Figure: Whonix Windows Installer

Figure: Install Whonix

Figure: License agreement

Figure: Extracting files

Figure: Whonix installation complete

Whonix Desktop Starter

• Double "click" Whonix desktop starter → "click" Start Whonix.

VirtualBox interface

• Double "click" Whonix desktop starter → "click" Advanced in Whonix GUI.

When the Advanced button is pressed, the VirtualBox user interface will open and the VMs can be started.

The VirtualBox interface will provide a more granular control of the VMs. From there users can manage the Whonix ™ VMs or modify VirtualBox settings.

Figure: Whonix desktop starter

Figure: Whonix user interface

Figure: Start Whonix VM

From the Whonix GUI

• Both Whonix VMs can be shutdown simultaneously by clicking the Stop Whonix button.

Figure: Stop Whonix VMs