Where to find Qubes Master Key? (using windows)

I am troubleshooting.

Where do I download the Quebes Master Signing Key, I only see Linux.commands, I am on Windows. My Quebes ISO is sitting in my windows download folder, should the Master Signing Key also reside there after download? Do I use Gpg4win for whole process verifying signatures?

Hi @qubes.man,
for the ISO verification with Windows, read the below topic:

or with this video tutorial :

1 Like

I am trying to sign the release signing key with qubes master signing key.

I progressed a bit but I am stuck at this part:
\qubes>gpg --check-signatures “Qubes OS Release 4 Signi
ng Key”
gpg: error reading key: No public key

I did manage to get here:

qubes>gpg -k "Qubes Master Signing Key
pub rsa4096 2010-04-01 [SC]
427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid [ultimate] Qubes Master Signing Key

I clicked on GPG Encryption and a new tab opened up, I was expecting a download, how can I save something that opens up as a tab in browser? I am referring to:
https://mirrors.edge.kernel.org/qubes/iso/Qubes-R4.0.4-x86_64.iso.asc
Qubes 4.04 is the version I downloaded.

Right click and select “save link as…”.

I double clicked the Master Signing Key in Qubes folder and instead of Kleopatra, GNU Privacy Assistant popped up. I was expecting Kleoptara like in the video. I am not sure what to do now that GNU Privacy Assistant has popped up.

I’m afraid that I cant help you with either Kleoptara or GNU privacy
assistant. Perhaps someone who uses those programs could jump in.

But this shows one of the problems in following video guides without
understanding them. A good guide would explain exactly what is being
done, why, and what alternatives are available. It’s a shame that the
video you were watching didn’t do this.

I assume you have read the instructions for Linux in the docs.
You need to find a way of adding the Signing Key to your keyring. I
assume that the help for GNU privacy assistant will tell you how to do
this. Alternatively you can follow the instructions in the documentation

  • if you have done this but hit a problem, then please explain what that
    was.

Is there a button to delete a post?

I got same results as in the video except for last one:

qubes>gpg -v --verify Qubes-R4.0.4-x86_64.ios.asc Qube
s-R4.0.4-x86_64.iso
gpg: can’t open ‘Qubes-R4.0.4-x86_64.ios.asc’: No such file or directory
gpg: verify signatures failed: No such file or directory

Either you haven’t yet downloaded the signature file to the directory
containing the Qubes iso, or there’s a typo -
you report ...ios.asc but the file is ...iso.asc

This is what is sitting in my qubes folder using cmd:

\qubes
0 gpg
1,621 qubes-master-signing-key.asc
5,199,888,384 Qubes-R4.0.4-x86_64.iso
2,346 qubes-release-4-signing-key.asc

I corrected the typo and got:

gpg -v --verify Qubes-R4.0.4-x86_64.iso.asc Qubes-R4.0.4-x86_64.iso
gpg: can’t open ‘Qubes-R4.0.4-x86_64.iso.asc’: No such file or directory
gpg: verify signatures failed: No such file or directory

Sometimes error messages can be pretty vague, this is not one of those times. Make sure the file is in that directory and it has that exact name.

Yes, the directory listing provided shows that the Detached PGP signature file
is not there.
Download it in the same directory as the iso.