COURSE 1 - 4.2.2. VeraCrypt: Verify software
QUICK INFO:
download the software:
Please note: you should download the version of the software relative to the OS where VeraCrypt will be installed. Keep in mind that VeraCrypt cannot be installed in Tails: therefore, it must be your alternative OS (in this case, Linux Ubuntu)
download the signature associated to the version of the software that we downloaded
download the Public Key relative to the signature:
In Terminal:
otherwise (e.g. if you don't have the web link of the signature but only the text) copy the text of the Public Key into a new text editor file and save it as .asc
check if it's the correct Public Key:
in Terminal:
gpg --show-keys VeraCrypt_PGP_public_key.asc
check the key fingerprint: it must be identical to the one published on VeraCrypt website (https://veracrypt.fr/en/Downloads.html)
if the Public Key is correct, import it:
gpg --import VeraCrypt_PGP_public_key.asc
verify the signature of the software:
gpg --verify veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb.sig veracrypt-1.24-Update7-Ubuntu-20.04-amd64.deb
Intro:
How to verify the authenticity of VeraCrypt (or of any other software signed with PGP):