Actions

Verify the Whonix Windows Installer

From Whonix


About this Windows Quick Start Page
Support Status stable
Difficulty medium
Maintainer 0brand
Support Support

Introduction[edit]

The Whonix ™ Windows Installer was developed with design goals focused on provide users with an fast and easy method to install Whonix ™ in Microsoft Windows. When whonix-installer.exe is executed the latest stable VirtualBox version and both Whonix ™ VMs are seamlessly installed on the Windows machine. Once Whonix ™ is installed, users only need to click the start button in the Whonix ™ GUI for both Whonix-Gateway ™ and Whonix-Workstation ™ VMs to start.

Download the Whonix ™ Installer for Microsoft Windows.

Ambox warning pn.svg.png By downloading, you acknowledge that you have read, understood and agreed to our Terms of Service and License Agreement.

Version: 15.0.0.4.9

Whonix Windows Installer
Anonymous Download
Possible [1]
Download Security
- - Without Verification With Verification
Https long.png Whonix Installer Yes [1] Medium High [2]
Signature.png OpenGPG Signature Yes [1] - -
Crypto key.png Signing Key Yes [1] - -

Before continuing, download both Whonix ™ Windows Installer and corresponding OpenPGP signature in the above download table. Then continue with the steps needed to verifying the Whonix installer. Users that are familiar with OpenPGP verification can additionally download the signing key and verify the Whonix ™ Windows installer.

Overview[edit]

The following guide provides steps to:

  1. Import the Intevation CA certificate.
  2. Install SignTool.
  3. Download and verify GPG4win.
  4. Install the developers signing key
  5. Verify the Whonix Windows Installer.

Install Gpg4win[edit]

GnuPG is a complete and free implementation OpenPGP that allows users to encrypt and sign data and communications. Gpg4win is a graphical front end for GnuPG that is used to for file and email encryption in Windows. The verification process for the Whonix ™ Windows Installer begins with securely downloading an verifying the gpg4win package. Once completed GPG can be used from the command-line to verify the Whonix ™ Windows Installer.

Import the Intevation CA Certificate[edit]

Intevation, the company that hosts GnuPG does not maintain a secure TLS site for gpg4win.[3] To mitigate the threat from attackers using a man-in-the-middle attack to provide users with a forged version of GnuPG. Intevation offers a self-signed certificate which is again, secured by a certificate signed by GeoTrust. This certificate can be easily downloaded and imported.

Before placing Trust in CA certificates understand the risks associated with the Fallible Certificate Authority Model.

Download the Intevation CA certificate.

Figure: Download SDK Installer

Get windows sdk installer.png

Next, import the certificate.

  • Right-click Intevation-Root-CA-2016 fileInstall CertificateRight-click Open"check" Local MachineRight-click Next"check" Automatically select the certificate store based on the type of certificateRight-click NextRight-click Finish.

When successful the Certificate Import Wizard will show "The import was successful". Click "OK" to exit.

Install SignTools[edit]

The following instructions install SignTool in Windows 10 (stable release). For earlier Windows releases (Windows XP, Vista, 7 and 8) users can install SignTool by substituting the corresponding SDK Installer found in the Windows SDK archives for the Windows 10 SDK installer in the below instructions.

SignTools is a Windows command-line tool that uses Authenticode to digitally sign files and verify both signatures in files and time stamp files. SignTool is available as part of Mirosoft Windows SDK, which can be can be installed in just a few easy steps. Once installed it can be used to verify the gpg4win package before installation.

Browse to https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk

  • Right-click Downloading The InstallerRight-click SaveRight-click Run.

When the the installer finishes loading.

  • Right-click Continuechoose PATHC:\Users\<user_name>\Downloads\Windows Kits\<windows_version>\WindowsSKDRight-click Next.

Figure: Choose SDK installation path

Sdk installer specify download path.png

The Windows SDK installer provides a number of different packages that can be installed. The only package needed for gpg4win verification is Windows SDK Signing Tools for Desktop Apps (SignTools). Be mindful that earlier SDK version packages may be named differently from later SDK versions. For example, the package that contains SignTool in SDK for Windows 8.1 is named Windows Software Developmental Kit. This differs from the corresponding package in Windows 10.

Figure: Select SignTools package

Select sdk features for download.png

Once the box to the corresponding package is "checked", right-click Download. Once installation is complete the installer can be closed.

Figure: SDK download complete

Sdk installer download complete.png

Download and Verify GPG4win[edit]

The Intevation self-signed certificate will allow gpg4win to be securely downloaded and SignTool can then be used to verify the authenticity of the gpg4win package itself.

Note: To simplify the SignTool verification process be sure to download gpg4win package to the Downloads directory.

1. Download the gpg4win package by first browsing to https://files.gpg4win.org

Next, scroll down and download the latest version of gpg4win and the corresponding signature. At the time of writing (July 02 2019) gpg4win-3.1.9.exe was the latest version. Since the Intevation CA certificate has been imported no errors should be encountered when the gpg4win package is downloaded.

2. The gpg4win package can be verified by running SignTool from the command prompt.

To open a command prompt, in the Windows Start Menu, run.

cmd.exe

Next, from the command prompt, change to the Downloads directory.

cd C:\Users\<your_user_name>\Downloads

Then verify the gpg4win package using SignTool.

signtool verify /pa gpg4win-3-1.9.exe

The following output shows a successful gpg4win verification.

Figure: Successful verification

Signtool verify gpg4win success.png


If verification fails delete the gpg4win package and repeat the download and verification process again.

Verify the Whonix ™ Windows Installer[edit]

It is important to check the integrity of the downloaded Whonix ™ Windows Installer to ensure that neither a man-in-the-middle attack or file corruption occurred; (see Download Security).

Ambox warning pn.svg.png Do not continue if verification fails! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity. This page is strongly related to the Placing Trust in Whonix ™ page.

1. If not already completed, have GnuPG initialize your user data folder.

gpg --fingerprint

2. Download 0brand's OpenPGP key.

0brand.asc

3. Store the key as C:\Users\<user_name>\Downloads\0brand.asc

4. Check fingerprints/owners without importing anything.

gpg --keyid-format long --with-fingerprint 0brand.asc

5. Verify the output. The output should be identical to the following.

pub   rsa4096/CFDBC23923C0433B 2019-08-08 [SC] [expires: 2021-08-07]
      Key fingerprint = B67C 6FE6 4BAE 05CD 05ED  775D CFDB C239 23C0 433B
uid                           "0brand" <0brand@mailbox.org>
sub   rsa4096/530523783446A24A 2019-08-08 [E] [expires: 2021-08-07]
sub   rsa4096/397090C34BED0A12 2019-08-08 [S] [expires: 2021-08-07]

If the key was successfully imported, the following message will appear.

gpg: key 0xCFDBC23923C0433B: public key ""0brand" <0brand@mailbox.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

6. Import the key.

gpg --import 0brand.asc

The output should confirm the key was imported.

gpg: key 0xCFDBC23923C0433B: public key ""0brand" <0brand@mailbox.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Output already imported.

If the signing key was already imported in the past, the output should confirm the key is unchanged.

gpg: key 0xCFDBC23923C0433B: ""0brand" <0brand@mailbox.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

4. Start the cryptographic verification, which can take several minutes.

In Windows command prompt, change to the directory with the whonix-installer.exe package and corresponding signature file.

cd C:\Users\<user_name>\<directory_name>

Next, verify the Whonix ™ Windows Installer.

gpg --verify-options show-notations --verify whonix-installer.exe.asc whonix-installer.exe

If the Whonix Installer image is correct the output will tell you that the signature is good.

gpg: Signature made Sun 18 Aug 2019 08:31:41 PM EDT
gpg:                using RSA key 307274F1AF46F1599B3F40A1397090C34BED0A12
gpg: Good signature from ""0brand" <0brand@mailbox.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B67C 6FE6 4BAE 05CD 05ED  775D CFDB C239 23C0 433B
     Subkey fingerprint: 3072 74F1 AF46 F159 9B3F  40A1 3970 90C3 4BED 0A12


This might be followed by a warning saying:

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

This message does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the Whonix signing key and the web of trust. To remove this warning, the Whonix signing key must be personally signed with your own key.

warning Check the GPG signature timestamp makes sense. For example, if you previously saw a signature from 2018 and now see a signature from 2017, then this might be a targeted rollback (downgrade) or indefinite freeze attack. [4]

The first line includes the signature creation timestamp. Example.

gpg: Signature made Sun 18 Aug 2019 08:31:41 PM EDT

warning Note: OpenPGP signatures sign files, but not file names. [5]

Install Whonix[edit]

Note: When the Whonix ™ Windows Installer is executed, the currently installed VirtualBox package -- if there is one installed on the system -- is removed and the latest VirtualBox package is installed. [6]

Whonix ™ can be installed by simply running whonix-installer.exe. When installation is complete, users will be greeted with the Whonix ™ GUI which can then be used to start the VMs. Keep in mind that installation could take can up to 15 minutes to complete depending on your hardware configuration.

In the folder you downloaded the Whonix ™ Windows Installer:

  • Double "click" whonix-installer.exeLicense agreement "click" Install → Finish


Figure: Whonix Windows Installer

Whonix windows installer.png


Figure: Install Whonix

Whonix installer wizard.png


Figure: License agreement

Whonix windows installer license agreement.png


Figure: Extracting files

Installing whonix.png


Figure: Whonix installation complete

Whonix setup wizard complete.png

Start Whonix[edit]

Whonix Desktop Starter

  • Double "click" Whonix desktop starter"click" Start Whonix.

VirtualBox interface

  • Double "click" Whonix desktop starter "click" Advanced in Whonix GUI.

When the Advanced button is pressed, the VirtualBox user interface will open and the VMs can be started.

The VirtualBox interface will provide a more granular control of the VMs. From there users can manage the Whonix ™ VMs or modify VirtualBox settings.

Figure: Whonix desktop starter

Whonix desktop starter.png


Figure: Whonix user interface

Whonix User Interface start.png


Figure: Start Whonix VM

Virtualbox user interface.png

Shutdown Whonix[edit]

From the Whonix GUI

  • Both Whonix VMs can be shutdown simultaneously by clicking the Stop Whonix button.

Figure: Stop Whonix VMs

Whonix User Interface stop.png

VirtualBox Screen Resolution Bug[edit]

Cli4.png

If the display presents like the image on the right-hand side, then you are affected by a screen resolution bug which only occurs in VirtualBox. To correct the resolution, apply the following workaround.

  1. Maximize the window.
  2. VirtualBox VM WindowViewVirtual Screen 1Choose any, resize to another resolution
  3. VirtualBox VM WindowViewAuto-resize Guest Display
Cli3.png

First Time Users[edit]

First time user?

Whonix / Kicksecure default admin password is: changeme default username: user
default password: changeme

Whonix first time users warning Warning:

  • If you do not know what metadata or a man-in-the-middle attack is.
  • If you think nobody can eavesdrop on your communications because you are using Tor.
  • If you have no idea how Whonix works.

Then read the Design and Goals, Whonix ™ and Tor Limitations and Tips on Remaining Anonymous pages to decide whether Whonix is the right tool for you based on its limitations.

Footnotes and Experimental Spectre / Meltdown Defenses

Please press on expand on the right.

VirtualBox Stable Version | VirtualBox Testers Only Version

Testers only! For more information please press on expand on the right.

These experimental Spectre/Meltdown defenses are related to issues outlined in Firmware Security and Updates. Due to the huge performance penalty and unclear security benefits of applying these changes, it may not be worth the effort. The reason is VirtualBox is still likely vulnerable, even after:

  1. A host microcode upgrade.
  2. A host kernel upgrade.
  3. A VM kernel upgrade.
  4. A "not vulnerable" result from spectre-meltdown-checker run on the host.
  5. Installation of the latest VirtualBox version. [7]
  6. All Spectre/Meltdown-related VirtualBox settings are tuned for better security as documented below.

To learn more, see: VirtualBox 5.2.18 vulnerable to spectre/meltdown despite microcode being installed and the associated VirtualBox forum discussion. [8] Users must patiently wait for VirtualBox developers to fix this bug.

On the host. [9] [10] [11] [12] [13] [14] [15]

VBoxManage modifyvm "Whonix-Gateway" --ibpb-on-vm-entry on
VBoxManage modifyvm "Whonix-Workstation" --ibpb-on-vm-entry on
VBoxManage modifyvm "Whonix-Gateway" --ibpb-on-vm-exit on
VBoxManage modifyvm "Whonix-Workstation" --ibpb-on-vm-exit on
VBoxManage modifyvm "Whonix-Gateway" --l1d-flush-on-vm-entry on
VBoxManage modifyvm "Whonix-Workstation" --l1d-flush-on-vm-entry on
VBoxManage modifyvm "Whonix-Gateway" --l1d-flush-on-sched on
VBoxManage modifyvm "Whonix-Workstation" --l1d-flush-on-sched on
VBoxManage modifyvm "Whonix-Gateway" --spec-ctrl on
VBoxManage modifyvm "Whonix-Workstation" --spec-ctrl on
VBoxManage modifyvm "Whonix-Gateway" --nestedpaging off
VBoxManage modifyvm "Whonix-Workstation" --nestedpaging off

Info These steps must be repeated for every Whonix or non-Whonix VirtualBox VM, including multiple and custom VMs.

The above instructions only apply to the default VM names Whonix-Gateway ™ and Whonix-Workstation ™. Therefore, if Multiple Whonix-Workstation ™s and/or Multiple Whonix-Gateway ™s are configured, then repeat these instructions using the relevant name/s.


Footnotes[edit]

  1. 1.0 1.1 1.2 1.3 By using the Tor Browser Bundle (TBB). For an introduction, see Tor Browser. See also Hide Tor and Whonix ™ from your ISP.
  2. It does not matter if the bulk download is done over an insecure channel if OpenPGP verification is used at the end.
  3. See: Getting a GnuPG version for Windows in a secure way: https://lists.torproject.org/pipermail/tor-talk/2013-August/029256.html
  4. As defined by TUF: Attacks and Weaknesses:
  5. http://lists.gnupg.org/pipermail/gnupg-users/2015-January/052185.html
  6. At the time of writing (AUG 19 2019) VirtualBox 6.0.10 was the latest stable release version.
  7. VirtualBox version 5.2.18 or above is required since only that version comes with Spectre/Meltdown defenses. See https://forums.whonix.org/t/whonix-vulerable-due-to-missing-processor-microcode-packages/5739/22.
  8. Also see the following Whonix forum discussion: Whonix vulerable due to missing processor microcode packages? spectre / meltdown / retpoline / L1 Terminal Fault (L1TF)
  9. --ibpb-on-vm-[enter|exit] on|off: Enables flushing of the indirect branch prediction buffers on every VM enter or exit respectively. This could be enabled by users overly worried about possible spectre attacks by the VM. Please note that these options may have sever impact on performance.
    https://www.virtualbox.org/manual/ch08.html

    There is a mistake in the VirtualBox manual stating enter which does not work. It is actually entry.

  10. https://www.virtualbox.org/manual/ch08.html

    --l1d-flush-on-vm-enter on|off: Enables flushing of the level 1 data cache on VM enter. See Section 13.4.1, “CVE-2018-3646”.

  11. --l1d-flush-on-sched on|off: Enables flushing of the level 1 data cache on scheduling EMT for guest execution. See Section 13.4.1, “CVE-2018-3646”.
    https://www.virtualbox.org/manual/ch08.html

  12. https://www.virtualbox.org/manual/ch13.html#sec-rec-cve-2018-3646

    For users not concerned by this security issue, the default mitigation can be disabled using

    VBoxManage modifyvm name --l1d-flush-on-sched off

    Since we want to enable the security feature we set --l1d-flush-on-sched on.

  13. --spec-ctrl on|off: This setting enables/disables exposing speculation control interfaces to the guest, provided they are available on the host. Depending on the host CPU and workload, enabling speculation control may significantly reduce performance.
    https://www.virtualbox.org/manual/ch08.html

  14. According to this VirtualBox ticket --spec-ctrl should be set to on.
  15. --nestedpaging on|off: If hardware virtualization is enabled, this additional setting enables or disables the use of the nested paging feature in the processor of your host system; see Section 10.7, “Nested paging and VPIDs” and Section 13.4.1, “CVE-2018-3646”.


No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.


Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.


Random News:

Check out the Whonix News Blog.


https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.

Footnotes[edit]


No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy. <comments />


Random News:

Please consider a recurring donation!


https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.