diff --git a/.gitea/TODO/0003_install_backports.chroot b/.gitea/TODO/0003_install_backports.chroot
new file mode 100644
index 0000000..ce66e54
--- /dev/null
+++ b/.gitea/TODO/0003_install_backports.chroot
@@ -0,0 +1,33 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+set -C -e -u -o pipefail
+
+printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ ๐Ÿงช '%s' starting ... \e[0m\n" "${0}"
+# sleep 1
+
+mkdir -p /etc/apt/sources.list.d
+touch /etc/apt/sources.list.d/bookworm-backports.list
+echo 'deb https://deb.debian.org/debian bookworm-backports main' >| /etc/apt/sources.list.d/bookworm-backports.list
+apt-get update -y
+apt-get upgrade -y
+
+apt-get install -y --no-install-recommends -t bookworm-backports \
+ curl \
+ debootstrap \
+ ssh \
+ whois
+
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ โœ… '%s' applied successfully. \e[0m\n" "${0}"
+# sleep 1
+
+exit 0
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
index 86a2a85..e835f3e 100644
--- a/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_0.yaml
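Review bot: The `touch` on the new sources file is redundant, because the `>|` redirection on the following line creates the file itself and deliberately bypasses the `set -C` noclobber mode the script enables two lines earlier; dropping the `touch` and writing the entry as `printf '%s\n' 'deb https://deb.debian.org/debian bookworm-backports main' >| /etc/apt/sources.list.d/bookworm-backports.list` leaves one line whose intent is clear. None of the three `apt-get` calls sets `DEBIAN_FRONTEND`, so a debconf question from one of the backports packages could stall the build; presumably this hook runs unattended inside the chroot, in which case `export DEBIAN_FRONTEND=noninteractive` before `apt-get update -y` is the usual guard. A short header comment stating why these four packages are taken from backports rather than stable (the file has SPDX metadata but no purpose line) would help whoever later moves it out of the TODO directory.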
@@ -85,13 +85,16 @@ jobs: "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2" ) + wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc + gpg --batch --import signature_key.asc + for url in "${urls[@]}"; do archive_name="${url##*/}" pkg_name="${archive_name%.tar.bz2}" echo "๐Ÿ”„ Processing ${pkg_name}" if [[ ! -f "${archive_name}" ]]; then echo "๐Ÿ“ฅ Downloading: '${archive_name}'." - if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then + if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then echo "โœ… Download successful: '${archive_name}'." else echo "โŒ Download NOT successful: '${archive_name}'." @@ -101,6 +104,8 @@ jobs: echo "๐Ÿ’ก Skipping download, package already exists: '${archive_name}'." fi + if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "โŒ Bad Signature: '${archive_name}'.";exit 1; fi + if [[ ! -d "${pkg_name}" ]]; then echo "๐Ÿ“‚ Extracting: '${archive_name}'." if tar -xjf "${archive_name}"; then @@ -124,15 +129,15 @@ jobs: cd ../.. || { echo "โŒ Could not change to '../..'."; exit 1; } - rm -f "${archive_name}"; \ - echo "โœ… Removed archive: '${pkg_name}'." - rm -fr "${pkg_name}"; \ - echo "โœ… Removed build artifacts: '${pkg_name}'." + rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "โœ… Removed archive: '${pkg_name}'." + rm -fr "${pkg_name}" && echo "โœ… Removed build artifacts: '${pkg_name}'." echo "โœ… Successful build and installation of '${pkg_name}'." echo "-------------------------------------------------------------------------------------" done + rm -f signature_key.asc + echo "โœ… All packages were built and installed successfully." mv_bin=( diff --git a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml index e036694..51c45d7 100644 --- a/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml 
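Review bot: `gpg --batch --import signature_key.asc` in the first hunk puts whatever key file gnupg.org served into the runner's default keyring, and the new `gpg --verify` in the second hunk exits 0 for a good signature from any key in that keyring, so the check only proves the tarball matches a key fetched over the same HTTPS channel moments earlier; pinning the expected release-signing fingerprint out of band and verifying against an isolated keyring, as in the excerpt below (fingerprint shown as a placeholder), turns it into a real authenticity check. generate_PRIVATE_iso_flavour_1.yaml and generate_PUBLIC_iso.yaml carry identical hunks and need the same change. The "Skipping download" branch still tests only the archive, so a run that died between the two `wget` calls leaves `${archive_name}` without its `.sig` and the next run fails at verification with a misleading message; `if [[ ! -f "${archive_name}" || ! -f "${archive_name}.sig" ]]; then` covers both files. The key download itself has no failure handling, so unless the run step executes with `-e`, an unreachable gnupg.org surfaces only as a "Bad Signature" later. The enclosing `for` loop and `run:` block begin before the first hunk and continue past the last.
```shell
wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc || { echo "❌ Could not download signature_key.asc."; exit 1; }
# Isolated keyring: verification must not be satisfied by other keys in the runner's ~/.gnupg.
keyring="${PWD}/gnupg-release-keys.kbx"
gpg --batch --no-default-keyring --keyring "${keyring}" --import signature_key.asc
# Pinned primary-key fingerprint of the expected release signer. PLACEHOLDER: take the value from
# the project's own documentation or a checked-in file, never from the downloaded key.
expected_fpr="<RELEASE_SIGNING_KEY_FINGERPRINT>"

# … unchanged: for url in "${urls[@]}"; do … download / "Skipping download" branch …

# VALIDSIG status lines end with the primary-key fingerprint; only the pinned key may pass.
status=$(gpg --batch --no-default-keyring --keyring "${keyring}" --status-fd 1 --verify "${archive_name}.sig" "${archive_name}" 2>/dev/null) || status=""
if ! grep -q -E "^\[GNUPG:\] VALIDSIG .* ${expected_fpr}$" <<<"${status}"; then
  echo "❌ Bad Signature: '${archive_name}'."; exit 1
fi

# … unchanged: extract, build, per-package cleanup …

rm -f signature_key.asc "${keyring}"
```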
+++ b/.gitea/workflows/generate_PRIVATE_iso_flavour_1.yaml @@ -85,13 +85,16 @@ jobs: "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2" ) + wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc + gpg --batch --import signature_key.asc + for url in "${urls[@]}"; do archive_name="${url##*/}" pkg_name="${archive_name%.tar.bz2}" echo "๐Ÿ”„ Processing ${pkg_name}" if [[ ! -f "${archive_name}" ]]; then echo "๐Ÿ“ฅ Downloading: '${archive_name}'." - if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then + if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then echo "โœ… Download successful: '${archive_name}'." else echo "โŒ Download NOT successful: '${archive_name}'." @@ -101,6 +104,8 @@ jobs: echo "๐Ÿ’ก Skipping download, package already exists: '${archive_name}'." fi + if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "โŒ Bad Signature: '${archive_name}'.";exit 1; fi + if [[ ! -d "${pkg_name}" ]]; then echo "๐Ÿ“‚ Extracting: '${archive_name}'." if tar -xjf "${archive_name}"; then @@ -124,15 +129,15 @@ jobs: cd ../.. || { echo "โŒ Could not change to '../..'."; exit 1; } - rm -f "${archive_name}"; \ - echo "โœ… Removed archive: '${pkg_name}'." - rm -fr "${pkg_name}"; \ - echo "โœ… Removed build artifacts: '${pkg_name}'." + rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "โœ… Removed archive: '${pkg_name}'." + rm -fr "${pkg_name}" && echo "โœ… Removed build artifacts: '${pkg_name}'." echo "โœ… Successful build and installation of '${pkg_name}'." echo "-------------------------------------------------------------------------------------" done + rm -f signature_key.asc + echo "โœ… All packages were built and installed successfully." mv_bin=( diff --git a/.gitea/workflows/generate_PUBLIC_iso.yaml b/.gitea/workflows/generate_PUBLIC_iso.yaml index 1840f10..ecad1f4 100644 
--- a/.gitea/workflows/generate_PUBLIC_iso.yaml +++ b/.gitea/workflows/generate_PUBLIC_iso.yaml @@ -85,13 +85,16 @@ jobs: "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.8.tar.bz2" ) + wget --https-only https://gnupg.org/signature_key.asc -O signature_key.asc + gpg --batch --import signature_key.asc + for url in "${urls[@]}"; do archive_name="${url##*/}" pkg_name="${archive_name%.tar.bz2}" echo "๐Ÿ”„ Processing ${pkg_name}" if [[ ! -f "${archive_name}" ]]; then echo "๐Ÿ“ฅ Downloading: '${archive_name}'." - if wget "${url}" -O "${archive_name}" > /dev/null 2>&1; then + if wget --https-only "${url}" -O "${archive_name}" > /dev/null 2>&1 && wget --https-only "${url}.sig" -O "${archive_name}.sig" > /dev/null 2>&1; then echo "โœ… Download successful: '${archive_name}'." else echo "โŒ Download NOT successful: '${archive_name}'." @@ -101,6 +104,8 @@ jobs: echo "๐Ÿ’ก Skipping download, package already exists: '${archive_name}'." fi + if ! gpg --verify "${archive_name}.sig" "${archive_name}"; then echo "โŒ Bad Signature: '${archive_name}'.";exit 1; fi + if [[ ! -d "${pkg_name}" ]]; then echo "๐Ÿ“‚ Extracting: '${archive_name}'." if tar -xjf "${archive_name}"; then @@ -124,15 +129,15 @@ jobs: cd ../.. || { echo "โŒ Could not change to '../..'."; exit 1; } - rm -f "${archive_name}"; \ - echo "โœ… Removed archive: '${pkg_name}'." - rm -fr "${pkg_name}"; \ - echo "โœ… Removed build artifacts: '${pkg_name}'." + rm -f "${archive_name}" && rm -f "${archive_name}.sig" && echo "โœ… Removed archive: '${pkg_name}'." + rm -fr "${pkg_name}" && echo "โœ… Removed build artifacts: '${pkg_name}'." echo "โœ… Successful build and installation of '${pkg_name}'." echo "-------------------------------------------------------------------------------------" done + rm -f signature_key.asc + echo "โœ… All packages were built and installed successfully." mv_bin=( diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 06213eb..68d18b4 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
@@ -20,6 +20,10 @@ include_toc: true 3. ``git merge --no-edit origin/master`` 4. ``git stash pop`` +* Changed workflows routines ``๐Ÿ› ๏ธ Build GnuPG from the sources, as the Bookworm GPG does not understand key format 5.`` + * added ``wget --https-only`` flag + * added verification step + ## V8.03.400.2025.06.05 * The workflow image was changed to ``debian:bookworm``.