Actions

Verify Whonix ™ Images Software Signatures

From Whonix



Verifywhoniximages.png

notice Digital signatures can increase security but this requires knowledge. Learn more about digital software signature verification.


OpenPGP Signature[edit]

Qubes[edit]

Qubes-logo-blue.png Qubes-Whonix ™ templates are automatically verified when qubes-dom0-update downloads and installs them; manual user verification is unnecessary.

VirtualBox[edit]

Info The Whonix Windows Installer is currently unavailable.

Virtualbox logo.png Steps to verify the virtual machine images depend on the operating system in use:

Also see: VirtualBox Appliance is not signed Error Message.

KVM[edit]

Kvmbanner-logo26.png Refer to the KVM Tux.png Linux on the Command Line instructions.

Signify Signatures[edit]

Info Advanced users only!

It is impossible to sign images (.ova / libvirt.tar.xz) directly. [archive] You can only verify the .sha512sums hash sum file using signify-openbsd and then verify the image against the sha512 sum.

1. Download the signify Key and save it as keyname.pub.

2. Install signify-openbsd.

Install signify-openbsd.

1. Update the package lists. 

sudo apt-get update

2. Upgrade the system. 

sudo apt-get dist-upgrade

3. Install the signify-openbsd package.

Using apt-get command line parameter --no-install-recommends is in most cases optional. 

sudo apt-get install --no-install-recommends signify-openbsd

The procedure of installing signify-openbsd is complete.

3. Download the .sha512sums and .sha512sums.sig files.

4. Verify the .sha512sums file with signify-openbsd. 

signify-openbsd -Vp keyname.pub -m Whonix-*.sha512sums

If the file is correct, it will output: 

Signature Verified

If the file is not correct, it will output an error.

5. Compare the hash of the image file with the hash in the .sha512sums file. 

sha512sum -c Whonix-*.sha512sums

If the file is correct, it will output: 

Whonix-CLI-15.0.1.3.4.ova: OK

Ambox warning pn.svg.png Do not continue if verification fails! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity. This page is strongly related to the pages Placing Trust in Whonix ™ and Verifying Software Signatures.

If you are using signify for software signature verification, please consider making a report in the Whonix signify-openbsd forum thread [archive]. This will help developers decide whether to continue supporting this method or deprecate it.

Table: Whonix ™ VirtualBox Files

Whonix ™ Version Files
Whonix ™ VirtualBox CLI
Whonix ™ VirtualBox XFCE

Forum discussion: signify-openbsd [archive].

Codecrypt Signatures[edit]

Codecrypt signatures are not yet available, but are planned long term.

Volunteer contributions are happily considered! If you were to contribute codecrypt signature creation to the Whonix ™ prepare_release script [archive], then this feature could be provided much sooner.

If you would like to use codecrypt for software signature verification, please consider making a report in the Whonix codecrypt forum thread [archive]. This method might be supported sooner if there is sufficient interest.

Forum discussion:
use codecrypt to sign Whonix releases [archive].

See Also[edit]

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Follow us on Twitter.png Twitter / Facebook.png Facebook.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.

Retrieved from "https://www.whonix.org/w/index.php?title=Verify_the_Whonix_images&oldid=61253"