How to verify downloaded Whonix Image files – under Win 7

How to verify downloaded Whonix files – under windows 7

1.) http://www.gpg4win.org/download.html

download gpg4win and install it

2.) open the gpg4win

click File > New certificate

1

3.) click Create a personal OpenPGP key pair

2

4.) enter name and email. if you want to be anonymous, just enter junk info. then click Next

3

5.) click Create Key

4

6.) it will ask to create a password. so enter the password

5

if your password too simple, it will ask are you sure? so its up to you proceed (click “take this one anyway”) or re-enter new password

6

7.) after your key successfully created, you should see this. click Finish

7

8.) go to https://www.whonix.org/wiki/Whonix_Signing_Key

download the patrick.asc key

right click it, save link as

8

when you save it.. make sure choose save as type “All Files”, then click Save

9

9.) go back to kleopatra program, click File > Import Certificate..

10

locate the patrick.asc file you just saved, select and click Open button

11

you should see it has been imported

12

10.) in your Imported Certificates tab, you should see the key has been imported..right click on it and choose “Certify certificate..”

13

11.) tick both of the boxes.. and pay attention to the fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

14

make sure it is exactly the same from this page : https://www.whonix.org/wiki/Whonix_Signing_Key

after checked, then click next

15

12.) choose Certify only for myself, then click Certify

16

13.) it will ask to enter password, enter the password u just created earlier

17

14.) it will display certification successful

18

15.) download 2 signature file from here : https://www.whonix.org/wiki/Download#Whonix_signature

19

right click and Save Link As > choose Save as type “All files”

save both of the signature (Whonix-Gateway-10.0.0.5.5.ova.asc  & Whonix-Workstation-10.0.0.5.5.ova.asc)

20

16.) assumed youve downloaded the whonix image file earlier,(if not, download it first) make sure move it to the same folder which has the .asc file

21

17.) right click on the .asc file and choose “Decrypt and verify”

22

18.) you should see this windows

tick the “input file is a detached signature, the click the button at the right hand side (refer the blue circle)

23

19.) select the matching .ova filename then click Open

24

Click decrypt/verify button

24-0

let it run and wait until finish.. depending on your cpu speed.. this might takes 5 – 10 mins

24-1

20.) you should see this message if successfully verified, if failed, DO NOT use the file. you need to redownload again

25

repeat the same steps to verify files for whonix workstation.ova, after both successfully checked and verified that means file is safe to use and intended by the original author and not tampered with or hacked version. i repeat again, if signature is invalid upon checking, do not use the file. just simply redownload again

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s