{{Header}} {{Title|title= Verify Virtual Machine Images on Linux }} {{#seo: |description=Instructions for OpenPGP and Signify Verification of {{project_name_long}} ISO, VirtualBox and KVM on the Command Line |image=Approved-29149640.png }} [[File:Approved-29149640.png|250px|thumbnail]] {{intro| Instructions for OpenPGP and Signify Verification of {{project_name_short}} ISO, VirtualBox and KVM on the Command Line }} = Introduction = {{always_verify_signatures_reminder}} {{Tab |type=controller |content= {{Tab |title= = OpenPGP = |image=[[File:GnuPG-Logo.svg|25px]] |active=true |addToClass=info-box |content= {{gpg_verification_introduction}} '''1.''' Choose your platform. {{Tab |type=controller |linkid=virtualizer_openpgp |content= {{Tab |title={{Headline|h=2|content={{project_name_short}} ISO}} |image=[[File:Cd-rom-icon.png|25px]] |type=section |addToClass=info-box |active=true |content= '''2.''' Import the signing key. Refer to the more secure, detailed [[Main/Project_Signing_Key|{{project_name_short}} Signing Key]] instructions. {{signing_key_main}} '''3.''' Download the cryptographic (OpenPGP) signature corresponding to the image you want to verify. '''4.''' Save the signature in the same folder as the image. {{Download_image_and_signature |text_image=ISO image |text_signature=ISO signature |flavor=Xfce |extension=Intel_AMD64.iso |after_slash=iso |version={{VersionNew}} }} }} {{Tab |title={{Headline|h=2|content=VirtualBox}} |image=[[File:Virtualbox_logo.png|25px]] |type=section |addToClass=info-box |content= Refer to the more secure, detailed [[Main/Project_Signing_Key|{{project_name_short}} Signing Key]] instructions. {{signing_key_main}} '''3.''' Download the cryptographic (OpenPGP) signature corresponding to the image you want to verify. '''4.''' Save the signature in the same folder as the image. Select Xfce or CLI version. {{Tab |type=controller |content= {{Tab |title={{Headline|h=2|content={{project_name_short}} VirtualBox Xfce}} |image=[[File:Clipart-gui.svg|25px]] |addToClass=info-box |content= {{Download_image_and_signature |text_image=VirtualBox Xfce image |text_signature=VirtualBox Xfce signature |flavor=Xfce |extension=Intel_AMD64.ova |after_slash=ova |version={{VersionNew}} }} }} {{Tab |title={{Headline|h=2|content={{project_name_short}} VirtualBox CLI}} |image=[[File:Utilities-terminal.png|25px]] |addToClass=info-box |content= {{Download_image_and_signature |text_image=VirtualBox CLI image |text_signature=VirtualBox CLI signature |flavor=CLI |extension=Intel_AMD64.ova |after_slash=ova |version={{VersionNew}} }} }} }} }} {{Tab |title={{Headline|h=2|content=KVM}} |image=[[File:Kvm-new-logo.png|25px]] |addToClass=info-box |content= Refer to the more secure, detailed [[Main/Project_Signing_Key|{{project_name_short}} Signing Key]] instructions. {{signing_key_main}} '''3.''' Download the cryptographic (OpenPGP) signature corresponding to the image you want to verify. '''4.''' Save the signature in the same folder as the image. Select Xfce or CLI version. {{Tab |type=controller |content= {{Tab |title={{Headline|h=2|content={{project_name_short}} KVM Xfce}} |image=[[File:Clipart-gui.svg|25px]] |addToClass=info-box |content= {{Download_image_and_signature |text_image=KVM Xfce image |text_signature=KVM Xfce signature |flavor=Xfce |extension=Intel_AMD64.qcow2.libvirt.xz |after_slash=libvirt |version={{Version_KVM}} }} }} {{Tab |title={{Headline|h=2|content={{project_name_short}} KVM CLI}} |image=[[File:Utilities-terminal.png|25px]] |addToClass=info-box |content= {{Download_image_and_signature |text_image=KVM CLI image |text_signature=KVM CLI signature |flavor=CLI |extension=Intel_AMD64.qcow2.libvirt.xz |after_slash=libvirt |version={{Version_KVM}} }} }} }} }} }} '''5.''' Change directory.
cd [the directory in which you downloaded the image and the signature]
'''6.''' Start the cryptographic verification. This process can take several minutes. {{Tab |type=controller |linkid=virtualizer_openpgp |content= {{Tab |title={{Headline|h=2|content={{project_name_short}} ISO}} |image=[[File:Cd-rom-icon.png|25px]] |addToClass=info-box |content= {{CodeSelect|code= gpg --verify-options show-notations --verify {{project_name_short}}-*.Intel_AMD64.iso.asc {{project_name_short}}-*.Intel_AMD64.iso }} }} {{Tab |title={{Headline|h=2|content=VirtualBox}} |image=[[File:Virtualbox_logo.png|25px]] |addToClass=info-box |content= {{CodeSelect|code= gpg --verify-options show-notations --verify {{project_name_short}}-*.ova.asc {{project_name_short}}-*.ova }} }} {{Tab |title={{Headline|h=2|content=KVM}} |image=[[File:Kvm-new-logo.png|25px]] |addToClass=info-box |content= {{CodeSelect|code= gpg --verify-options show-notations --verify {{project_name_short}}-*.libvirt.xz.asc {{project_name_short}}-*.libvirt.xz }} }} }} '''7.''' Check the output of the verification step. {{GnuPG-Success}} {{Tab |type=controller |linkid=virtualizer_openpgp |content= {{Tab |title={{Headline|h=2|content={{project_name_short}} ISO}} |image=[[File:Cd-rom-icon.png|25px]] |type=section |addToClass=info-box |active=true |content=
gpg: Good signature
}} {{Tab |title={{Headline|h=2|content=VirtualBox}} |image=[[File:Virtualbox_logo.png|25px]] |addToClass=info-box |content=
gpg: Good signature
}} {{Tab |title={{Headline|h=2|content=KVM}} |image=[[File:Kvm-new-logo.png|25px]] |addToClass=info-box |content=
gpg: Good signature
}} }} This output might be followed by a warning as follows. {{GnuPG-Warning}} {{gpg_signature_timestamp}} Example of signature creation timestamp; see below.
gpg: Signature made Mon 19 Jan 2023 11:45:41 PM CET using RSA key ID ...
{{GnuPG_file_names}} {{gpg_file_name_notation}} {{Tab |type=controller |linkid=virtualizer_openpgp |content= {{Tab |title={{Headline|h=2|content={{project_name_short}} ISO}} |image=[[File:Cd-rom-icon.png|25px]] |type=section |addToClass=info-box |active=true |content=
gpg: Signature notation: file@name={{project_name_short}}-{{VersionNew}}.Intel_AMD64.iso
}} {{Tab |title={{Headline|h=2|content=VirtualBox}} |image=[[File:Virtualbox_logo.png|25px]] |addToClass=info-box |content=
gpg: Signature notation: file@name={{project_name_short}}-{{VersionNew}}.Intel_AMD64.ova
}} {{Tab |title={{Headline|h=2|content=KVM}} |image=[[File:Kvm-new-logo.png|25px]] |addToClass=info-box |content=
gpg: Signature notation: file@name={{project_name_short}}-{{Version_KVM}}.libvirt.xz
}} }} If the digital software signature verification failed, the output will inform that the signature is bad:
gpg: BAD signature
{{do_not_continue_on_gpg_verification_errors}} '''8.''' Done. Digital software signature verification using OpenPGP has been completed. {{Template:GnuPG-Troubleshooting}} }} {{Tab |title= = Signify = |image=[[File:Signify_Logo.svg|25px]] |addToClass=info-box |content= {{mbox | type = notice | image = [[File:Ambox_notice.png|40px|alt=Info]] | text = Advanced users only! }} '''1.''' Choose your platform. {{Tab |type=controller |linkid=virtualizer_signify |content= {{Tab |title={{Headline|h=2|content={{project_name_short}} ISO Signify}} |image=[[File:Cd-rom-icon.png|25px]] |type=section |addToClass=info-box |active=true |content= '''2.''' [[Signing_Key#Download_the_signify_Key|Download the signify Key]] and save it as derivative.pub. {{signing_key_main_signify}} }} {{Tab |title={{Headline|h=2|content=VirtualBox Signify}} |image=[[File:Virtualbox_logo.png|25px]] |type=section |addToClass=info-box |active= |content= '''2.''' [[Signing_Key#Download_the_signify_Key|Download the signify Key]] and save it as derivative.pub. {{signing_key_main_signify}} }} {{Tab |title={{Headline|h=2|content=KVM Signify}} |image=[[File:Kvm-new-logo.png|25px]] |addToClass=info-box |content= '''2.''' [[Signing_Key#Download_the_signify_Key|Download the signify Key]] and save it as derivative.pub. {{signing_key_main_signify}} }} }} '''3.''' Install signify-openbsd. {{Install Package| package=signify-openbsd }} '''4.''' Note. [https://forums.whonix.org/t/signify-openbsd/7842/5 It is impossible to signify sign images (.ova / libvirt.tar.xz) directly.] You can only verify the .sha512sums hash sum file using signify-openbsd and then verify the image against the sha512 sum. '''5.''' Download the .sha512sums and .sha512sums.sig files. '''6.''' Verify the .sha512sums file with signify-openbsd. {{CodeSelect|code= signify-openbsd -Vp derivative.pub -m {{project_name_short}}-*.sha512sums }} If the signature is valid, it will output:
Signature Verified
If the signature is invalid, it will output an error. '''7.''' Compare the hash of the image file with the hash in the .sha512sums file. {{CodeSelect|code= sha512sum --strict --check {{project_name_short}}-*.sha512sums }} If the hash is correct, it will output:
{{project_name_short}}-Xfce-{{VersionNew}}.ova: OK
{{do_not_continue_on_gpg_verification_errors}} '''8.''' Done. Digital signature verification using signify has been completed. If you are using signify for software signature verification, please consider making a report in the [https://forums.whonix.org/t/signify-openbsd/7842 signify-openbsd forum thread]. This will help developers decide whether to continue supporting this method or deprecate it. Forum discussion: [https://forums.whonix.org/t/signify-openbsd/7842 signify-openbsd]. }} }} = Footnotes = {{reflist|close=1}} = License = {{License_Amnesia|{{FULLPAGENAME}}}} {{Footer}} [[Category:Documentation]] [[Category:MultiWiki]]