
Main/Project Signing Key
Introduction
Note that since all Whonix releases are signed with the same key, you will not have to verify the key every time, and the trust you progressively build in it is built once and for all. Still, you will have to check the virtual machine images every time you download new ones!
This page is strongly related to the Trust page.
Simple
(1) Download adrelanos's OpenPGP key from https://www.whonix.org/adrelanos.asc.
(2) Store it as *adrelanos.asc*.
(3) Import the key.
gpg --import adrelanos.asc
(4) Verify.
gpg --fingerprint 9B157153925C303A42253AFB9C131AD3713AAEEF
Should show.
pub   4096R/713AAEEF 2012-03-02
      Key fingerprint = 9B15 7153 925C 303A 4225 3AFB 9C13 1AD3 713A AEEF
uid                  adrelanos <adrelanos at riseup dot net>
sub   4096R/794279C4 2012-03-02
(5) For better security, read below.
Advanced
Correlate several downloads of the Whonix signing key
A simple technique to increase the trust you can put in the Whonix signing key is to download it several times: from several locations, several computers, possibly several countries, and so on.
You could also use this technique to compare keys downloaded by your friends or other people you trust.
Downloading the key from the same server only lowers the possibility of a man-in-the-middle attack on part of the route. The following figure illustrates this best.
user <-> user ISP <-> internet <-> sourceforge.net ISP <-> sourceforge.net server
|<--- MITM less likely for this route --->|<------- no help for this route ------->|
For this reason adrelanos's homepage, which describes and contains adrelanos's OpenPGP key, is mirrored at seven different places. Download adrelanos's key from all those places and store the copies as adrelanos1.asc, adrelanos2.asc, adrelanos3.asc, etc.
(1.) adrelanos's homepage on github (key download)
Github.com is accessible over SSL. [1]
(2.) adrelanos's homepage on sourceforge.net (sourceforge; key download)
SSL available for users logged into sourceforge.net. [1]
(3.) adrelanos's homepage on gitorious (key download)
Gitorious.org is accessible over SSL. [1]
(4.) adrelanos's homepage on Free Onion Hosting Service
Encrypted end-to-end [2]. Anonymous admin.
(5.) adrelanos's homepage on torproject.org wiki
SSL available. [1] Anyone can edit the torproject.org wiki and replace its content with malicious content; therefore check the history feature. Obviously, I do trust Tor and torproject.org. My wiki account "proper" should be genuine, therefore changes by "proper" should be legit.
(6.) adrelanos OpenPGP key mirror on savannah.gnu.org profile page
SSL available. [1] The following command is recommended to enforce downloading the key over SSL.
## Not forced through Tor, unless you are using Whonix, torsocks or similar.
curl --tlsv1 --proto =https --output adrelanos.asc.4 'https://savannah.gnu.org/people/viewgpg.php?user_id=89289'
(7.) adrelanos's homepage on torhost.onion Free Onion Hosting Service
Encrypted end-to-end [2]. Anonymous admin.
(8.) adrelanos's OpenPGP key mirror on OpenPGP keyserver
No SSL. Should really only be used as a mirror.
## Not forced through Tor, unless you are using Whonix, torsocks or similar.
gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 9B157153925C303A42253AFB9C131AD3713AAEEF
Verify.
gpg --fingerprint 9B157153925C303A42253AFB9C131AD3713AAEEF
Should show.
pub   4096R/713AAEEF 2012-03-02
      Key fingerprint = 9B15 7153 925C 303A 4225 3AFB 9C13 1AD3 713A AEEF
uid                  adrelanos <adrelanos at riseup dot net>
sub   4096R/794279C4 2012-03-02
Each time you re-import the key from a different source:
gpg --import adrelanos.asc
gpg --import adrelanos1.asc
gpg --import adrelanos2.asc
...
It should always show.
gpg: key 713AAEEF: "adrelanos <adrelanos at riseup dot net>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
And.
gpg --fingerprint
Should always show the same fingerprint and contain only the following (besides keys you knowingly imported earlier, perhaps your friends' keys).
pub   4096R/713AAEEF 2012-03-02
      Key fingerprint = 9B15 7153 925C 303A 4225 3AFB 9C13 1AD3 713A AEEF
uid                  adrelanos <adrelanos at riseup dot net>
sub   4096R/794279C4 2012-03-02
If a different key shows up instead of "not changed", then unless the new key is signed with the old key, something fishy is going on.
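The fingerprint check from the Simple section and the multi-source comparison above, as an added shell script that is not part of the Whonix wiki: it inspects each downloaded copy in a throwaway keyring and compares the primary-key fingerprint with the one given on this page, so a wrong copy is spotted before anything reaches your real keyring. The script name check-key.sh and the sample file names are assumptions.

```shell
#!/bin/sh
# Fingerprint of the Whonix signing key as stated on this page.
EXPECTED_FPR="9B157153925C303A42253AFB9C131AD3713AAEEF"

# Print the primary-key fingerprint of every key in gpg --with-colons output
# read from stdin: the first "fpr" record after each "pub" record. Subkey
# fingerprints ("fpr" after "sub") are deliberately skipped.
primary_fprs_from_colons() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want == 1 { print $10; want = 0 }
    '
}

# Succeed only if the list (one fingerprint per line) holds exactly one
# primary key and it is the expected one. A file carrying two keys, or a
# different key that merely shares the short key ID 713AAEEF, is rejected.
fpr_matches() {
    found="$1"
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] &&
        [ "$found" = "$EXPECTED_FPR" ]
}

# Inspect one downloaded .asc file in a throwaway GNUPGHOME, so a bad copy
# never touches your real keyring. Prints OK or MISMATCH, returns 0 or 1.
check_key_file() {
    file="$1"
    tmp=$(mktemp -d) || return 1
    found=$(GNUPGHOME="$tmp" gpg --batch --quiet --import "$file" 2>/dev/null &&
        GNUPGHOME="$tmp" gpg --batch --with-colons --with-fingerprint \
            --list-keys 2>/dev/null | primary_fprs_from_colons)
    rm -rf "$tmp"
    if fpr_matches "$found"; then
        printf 'OK       %s\n' "$file"
        return 0
    fi
    printf 'MISMATCH %s (found: %s)\n' "$file" "$(printf '%s' "$found" | tr '\n' ' ')"
    return 1
}

# Usage: sh check-key.sh adrelanos.asc adrelanos1.asc adrelanos2.asc ...
# Exit status is non-zero if any copy is not the expected key.
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do
        check_key_file "$f" || status=1
    done
    exit "$status"
fi
```

Only after every copy reports OK does it make sense to run the gpg --import steps above against your real keyring.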
Further reading on OpenPGP
- GnuPG (Wikipedia), free OpenPGP software
- Apache: How To OpenPGP
- Debian: Keysigning, a tutorial on signing keys of other people
- rubin.ch: Explanation of the web of trust of PGP
- OpenPGP key distribution strategies
See Also
Footnotes / References
- [1] See SSL for comments on SSL (in)security.
- [2] Because it's a Tor hidden service. Not exactly end-to-end, see Notes about End-to-end security of Hidden Services for details.
License
Whonix Trusting Whonix Signing Key wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix Trusting Whonix Signing Key wiki page Portions Copyright (C) 2012 adrelanos <adrelanos at riseup dot net>
This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.
