download.html 18.4 KB
Newer Older
1
[[!meta title="Download, verify and install"]]
2

Tails developers's avatar
Tails developers committed
3
<strong>Tails is [[Free Software|doc/about/license]], you can download it, use it and
4
share it without restriction.</strong>
Tails developers's avatar
Tails developers committed
5

6
7
<div id="page-download">

Tails developers's avatar
Tails developers committed
8
[[!toc levels=1]]
9

10
<div id="first_time_user">
11

12
	<h1 class="bullet-number-one">First time user?</h1>
13

14
15
16
	<ul>
	<li>If you don't know what a metadata or a man-in-the-middle attack
	is.</li>
17
	<li>If you think no-one can eavesdrop on your communications
Tails developers's avatar
Tails developers committed
18
	because you are using Tor.</li>
19
20
	<li>If you have no notion on how Tails works.</li>
	</ul>
21

22
	<p><strong>Then, check first the [[about]] and
Tails developers's avatar
Tails developers committed
23
	[[warning|doc/about/warning]] pages to make sure that Tails is the right tool
Tails developers's avatar
Tails developers committed
24
	for you and that you understand well its limitations.</strong></p>
amnesia's avatar
amnesia committed
25

26
</div>
27
28
29

<div id="download_the_image" class="container">

30
	<h1 class="bullet-number-two">Download the ISO image</h1>
31

32
33
34
35
36
	<p>You will download Tails in the form of an <span
	class="definition">[[!wikipedia ISO_image desc="ISO image"]]</span>: a
	single file that you will later burn on a CD or installed onto a USB
	stick.</p>

37
38
<div id="http">

39
	<h2>Direct download</h2>
40

41
42
	<h3>Latest release</h3>

43
	<p>
44
45
	<a class='download-file' href=[[!inline pages="inc/stable_i386_iso_url" raw="yes"]]>
	Tails [[!inline pages="inc/stable_i386_version" raw="yes"]] ISO image</a>
46
47
	</p>

48
49
	<h3>Cryptographic signature</h3>

50
	[[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
51
52
53
54

	<p>If you're not sure what the cryptographic signature is, please go on
	and read the part on [[verifying the ISO image|download#index3h1]].</p>

55
56
57
58
59
	<h3>Set up a web mirror</h3>

	<p>If you're running a web server, you're most welcome to help us spread
	Tails by [[setting up a web mirror|contribute/how/mirror]].</p>

60
</div> <!-- #http -->
61

62
<div id="bittorrent">
63

64
	<h2>BitTorrent download</h2>
65

66
	<h3>Latest release</h3>
67

68
	<p>
69
70
	<a class='download-file' href=[[!inline pages="inc/stable_i386_torrent_url" raw="yes"]]>
	Tails [[!inline pages="inc/stable_i386_version" raw="yes"]] torrent</a>
71
	</p>
72

73
	<h3>Cryptographic signature</h3>
74

75
	<p>
76
77
	<a class='download-signature' href=[[!inline pages="inc/stable_i386_torrent_sig_url" raw="yes"]]>
	Tails [[!inline pages="inc/stable_i386_version" raw="yes"]] torrent signature</a>
78
	</p>
79

80
	<h3>Seed back!</h3>
81

82
83
	<p>Seeding back the image once you downloaded it is also a nice
	and easy way of helping spread Tails.</p>
84

85
</div> <!-- #bittorrent -->
86
87
88
89
90

</div> <!-- #download_the_image .container -->

<div id="verify">

91
	<h1 class="bullet-number-three">Verify the ISO image</h1>
92

93
94
95
	<p>It is important to check the <span class="definition">[[!wikipedia
	Data_integrity desc="integrity"]]</span> of the ISO image you downloaded
	to make sure that the download went well.</p>
96

Tails developers's avatar
Tails developers committed
97
	<p><strong>Warning: the following techniques don't provide you with a
98
99
100
	strong way of checking the ISO image <span
	class="definition">[[!wikipedia Authentication
	desc="authenticity"]]</span> and making sure you downloaded a genuine
101
102
	Tails.</strong></p>

103
104
105
	<p>Those techniques rely on standard HTTPS and <span
	class="definition">[[!wikipedia Certificate_authority desc="certificate
	authorities"]]</span> to make you trust the content of this website.
Tails developers's avatar
Tails developers committed
106
	But, [[as explained on our warning page|doc/about/warning#index3h1]], you
107
108
	could still be victim of a man-in-the-middle attack while using HTTPS.
	On this website as much as on any other of the Internet.</p>
109

110
	<p>It is anyway a good thing to check the ISO image integrity first. We
Tails developers's avatar
Tails developers committed
111
	will propose you after that some more advanced techniques to <a
112
113
	href="#authenticity-check">check the authenticity of the ISO
	image</a>.</p>
114

115
116
117
118
119
120
	<p>All Tails ISO image are cryptographically signed by our OpenPGP key.
	OpenPGP is a standard for data encryption that provides cryptographic
	privacy and authentication through the use of keys owned by its users.
	Checking this signature is the recommended way of checking the ISO image
	integrity.</p>

121
	<p>Do you want to check the ISO image integrity:</p>
122
123
124
125
126
127
128
129
130
131
132
133
134
	<ul>
	  <li>
	  [[!toggle id="verify_the_iso_image_using_gnome"
	  text="Using Linux with Gnome: Ubuntu, Debian, Tails, Fedora, etc."]]
	  </li>
	  <li>
	  [[!toggle id="verify_the_iso_image_using_the_command_line"
	  text="Using Linux with the command line"]]
	  </li>
	  <li>
	  [[!toggle id="verify_the_iso_image_using_other_operating_systems"
	  text="Using other operating systems"]]
	  </li>
135
136
	</ul>

137
	[[!toggleable id="verify_the_iso_image_using_gnome" text="""
138
139
140
	<span class="hide">[[!toggle id="verify_the_iso_image_using_gnome"
	text="Hide"]]</span>

141
	<h2>Using Linux with Gnome: Ubuntu, Debian, Tails, Fedora, etc.</h2>
142

143
144
145
	<p>You need to have the <code>seahorse-plugins</code> package
	installed. If you're not sure or want to install it, under Debian,
	Ubuntu or Tails you can issue the following commands:</p>
146
147
148
149
150
151

<pre>
sudo apt-get update
sudo apt-get install seahorse-plugins
</pre>

152
153
154
	<p>First, download Tails signing key:</p>

	[[!inline pages="lib/download_tails_signing_key" raw="yes"]]
155
156

	<p>Your browser should propose you to open it with "Import Key". Choose
157
158
	this action. It will add Tails signing key to your keyring, the
	collection of OpenPGP keys you already imported:</p>
159

160
	<p>[[!img download/import_key.png alt="What should Iceweasel do with
161
	this file? Open with: Import Key (default)" link="no"]]</p>
162
163
164

	<p>You will get notified will the following message:</p>

165
	<p>[[!img download/key_imported.png alt="Key Imported. Imported a key
166
167
	for Tails developers (signing key) &lt;tails@boum.org&gt;"
	link="no"]]</p>
168
169
170
171

	<p>Now, download the cryptographic signature corresponding to the ISO
	image you want to verify:</p>

172
	[[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
173
174

	<p>Your browser should propose you to open it with "Verify Signature".
175
	Choose this action to start the cryptographic verification:</p>
176

177
	<p>[[!img download/verify_signature.png alt="What should Iceweasel do
178
	with this file? Open with: Verify Signature (default)" link="no"]]</p>
179
180

	<p>Browse your files to select the Tails ISO image you want to verify.
181
	Then, the verification will start. It can take several minutes:</p>
182

183
	<p>[[!img download/verifying.png alt="Verifying" link="no"]]</p>
184

185
186
	<p><strong>If the ISO image is correct</strong> you will get a
	notification telling you that the signature is good:</p>
187

188
189
	<p>[[!img download/good_signature.png alt="Goog Signature"
	link="no"]]</p>
190

191
	<p><strong>If the ISO image is not correct</strong> you will get a
192
193
	notification telling you that the signature is bad:</p>

194
	<p>[[!img download/bad_signature.png alt="Bad Signature: Bad or forged
195
	signature." link="no"]]</p>
196
	"""]]
197

198
	[[!toggleable id="verify_the_iso_image_using_the_command_line" text="""
199
200
201
	<span class="hide">[[!toggle id="verify_the_iso_image_using_the_command_line"
	text="Hide"]]</span>

202
	<h2>Using Linux with the command line</h2>
Tails developers's avatar
Tails developers committed
203

Tails developers's avatar
Tails developers committed
204
	<p>You need to have GnuPG installed. GnuPG is the common OpenPGP
205
206
207
	implementation for Linux: it is installed by default under Debian,
	Ubuntu, Tails and many other distributions.</p>

208
209
210
	<p>First, download Tails signing key:</p>

	[[!inline pages="lib/download_tails_signing_key" raw="yes"]]
211

212
	<p>Open a terminal and import Tails signing key with the following
213
214
215
216
	commands:</p>

<pre>
cd [the directory in which you downloaded the key]
217
cat tails-signing.key | gpg --import
218
219
220
221
222
</pre>

	<p>The output should tell you that the key was imported:</p>

<pre>
223
gpg: key BE2CD9C1: public key "Tails developers (signing key) &lt;tails@boum.org&gt;" imported
224
225
226
227
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 2)
</pre>

228
229
	<p>If you had already imported Tails signing key in the past, the output
	should tell you that the key was not changed:</p>
230
231

<pre>
232
gpg: key BE2CD9C1: "Tails developers (signing key) &lt;tails@boum.org&gt;" not changed
233
234
235
236
237
238
239
gpg: Total number processed: 2
gpg:              unchanged: 2
</pre>

	<p>Now, download the cryptographic signature corresponding to the ISO
	image you want to verify and save it in the same folder as the ISO
	image:</p>
Tails developers's avatar
Tails developers committed
240

241
	[[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
Tails developers's avatar
Tails developers committed
242

243
244
	<p>Then start the cryptographic verification, it can take several
	minutes:</p>
Tails developers's avatar
Tails developers committed
245

246
247
<pre>
cd [the ISO image directory]
248
gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso
249
250
</pre>

251
252
	<p><strong>If the ISO image is correct</strong> the output will tell you
	that the signature is good:</p>
253
254
255
256

<pre>
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg:                using RSA key 1202821CBE2CD9C1
257
gpg: Good signature from "Tails developers (signing key) &lt;tails@boum.org&gt;"
258
</pre>
Tails developers's avatar
Tails developers committed
259

260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
	<p>This might be followed by a warning saying:</p>

<pre>
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1
</pre>

	<p>This doesn't alter the validity of the signature according to the key
	you downloaded. This warning rather has to do with the trust that you
	put in Tails signing key. See, [[Trusting Tails signing
	key|doc/trusting_tails_signing_key]]. To remove this warning you would
	have to personnally <span class="definition">[[!wikipedia Keysigning
	desc="sign"]]</span> Tails signing key with your own key.</p>

275
	<p><strong>If the ISO image is not correct</strong> the output will tell
276
	you that the signature is bad:</p>
Tails developers's avatar
Tails developers committed
277

278
279
280
<pre>
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
gpg:                using RSA key 1202821CBE2CD9C1
281
gpg: BAD signature from "Tails developers (signing key) &lt;tails@boum.org&gt;"
282
</pre>
283
	"""]]
Tails developers's avatar
Tails developers committed
284

285
	[[!toggleable id="verify_the_iso_image_using_other_operating_systems" text="""
286
287
288
	<span class="hide">[[!toggle id="verify_the_iso_image_using_other_operating_systems"
	text="Hide"]]</span>

289
	<h2>Using other operating systems</h2>
290
291
292
293
294

	<h3>Using Firefox</h3>

	<p>This technique is not using the cryptographic signature as the others
	do. We propose it because it's especially easy for Windows users.</p>
Tails developers's avatar
Tails developers committed
295
296
297
298
299

	<p>Install the CheckIt extension for Firefox available <a
	href="https://addons.mozilla.org/en-US/firefox/addon/checkit/">here</a>
	and restart Firefox.</p>

300
301
	<p>Here is the checksum (a kind of digital fingerprint) of the ISO
	image. Select it with your cursor:</p>
Tails developers's avatar
Tails developers committed
302

303
	<pre>[[!inline pages="inc/stable_i386_hash" raw="yes"]]</pre>
Tails developers's avatar
Tails developers committed
304

305
	<p>Right-click on it and choose "Selected hash (SHA256)" from the
Tails developers's avatar
Tails developers committed
306
307
	contextual menu:</p>

308
309
	<p>[[!img download/selected_hash.png alt="Selected hash (SHA256)"
	link="no"]]</p>
310
311
312
313
314
315
316
317

	<p>From the dialog box that shows up, open the ISO image. Then wait for
	the checksum to compute. This will take several seconds during which
	your browser will be unresponsive.</p>

	<p><strong>If the ISO image is correct</strong> you will get a
	notification saying that the checksums match:</p>

318
	<p>[[!img download/checksums_match.png alt="CheckIt: SHA256 checksums
319
	match!" link="no"]]</p>
320
321
322
323

	<p><strong>If the ISO image is not correct</strong> you will get a
	notification telling you that the checksums do not match:</p>

324
	<p>[[!img download/checksums_do_not_match.png alt="SHA256 checksums do
325
	not match!" link="no"]]</p>
326
327
328
329

	<h3>Using the cryptographic signature</h3>

	<p>GnuPG, a common free software implementation of OpenPGP has versions
Tails developers's avatar
Tails developers committed
330
	and graphical frontends for both Windows and Mac OS X. This also make it
331
332
333
334
335
	possible to check the cryptographic signature with those operating
	systems:</p>

	<ul>
	  <li>[[Gpg4win|http://www.gpg4win.org/]], for Windows</li>
Tails developers's avatar
Tails developers committed
336
	  <li>[[GPGTools|http://www.gpgtools.org/]], for Mac OS X</li>
337
338
339
340
341
342
343
	</ul>

	<p>You will find on either of those websites detailed documentation on
	how to install and use them.</p>

	<h3>For Windows using Gpg4win</h3>

344
345
346
	<p>After installing Gpg4win, download Tails signing key:</p>

	[[!inline pages="lib/download_tails_signing_key" raw="yes"]]
347
348
349

	<p>[[Consult the Gpg4win documentation to import
	it|http://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]]</p>
Tails developers's avatar
Tails developers committed
350

351
352
353
	<p>Then, download the cryptographic signature corresponding to the ISO
	image you want to verify:</p>

354
	[[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
Tails developers's avatar
Tails developers committed
355

356
357
	<p>[[Consult the Gpg4win documentation to check the
	signature|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]]</p>
Tails developers's avatar
Tails developers committed
358

Tails developers's avatar
Tails developers committed
359
	<h3>For Mac OS X using GPGTools</h3>
Tails developers's avatar
Tails developers committed
360

361
	<p>After installing GPGTools, you should be able to follow the
Tails developers's avatar
Tails developers committed
362
363
364
	instruction for Linux with the command line. To open the command line,
	navigate to your Applications folder, open Utilities, and double click
	on Terminal.</p> """]]
Tails developers's avatar
Tails developers committed
365

366
367
368
	<h2><a name="authenticity-check"></a>So how can I check better the ISO
	image authenticity?</h2>

369
370
	<p>But the Tails signing key that you downloaded from this website could
	be a fake one if you were victim of a [[man-in-the-middle
Tails developers's avatar
Tails developers committed
371
	attack|doc/about/warning#index3h1]].</p>
372

373
	<p>Finding a way of trusting better Tails signing key would allow you to
374
	authenticate better the ISO image you downloaded. The following page
375
	will give you hints on how to increase the trust you can put in the
376
	Tails signing key you downloaded:</p>
377
378

	<ul>
379
	  <li>[[Trusting Tails signing key|doc/trusting_tails_signing_key]]</li>
380
381
	</ul>

382
	<!-- <h2>FIXME: What to do if the image is bad?</h2> -->
Tails developers's avatar
Tails developers committed
383

amnesia's avatar
amnesia committed
384
</div> <!-- #verify -->
385
386
387

<div id="support">

388
	<h1 class="bullet-number-four">Burn a CD or install onto a USB stick</h1>
389

390
391
	<p>Every ISO image we ship can be either burn on a CD or installed onto a USB stick.</p>

Tails developers's avatar
Tails developers committed
392
	<h2>Burning a CD</h2>
393
	<ul>
394
395
396
	  <li>CDs are read-only so your Tails can't be altered by a virus or an
	  attacker.</li>
	  <li>CDs are cheap but you will need to burn a new CD each time you
Tails developers's avatar
Tails developers committed
397
	  will update your Tails version (hint: CD-RW).</li>
398
399
	</ul>

400
	<p>For detailed instructions on how to burn an ISO image under Linux,
Tails developers's avatar
Tails developers committed
401
	Windows or Mac OS X you can consult <a
402
403
404
405
	href="https://help.ubuntu.com/community/BurningIsoHowto">the
	corresponding Ubuntu documentation</a>: just replace the Ubuntu ISO
	image by the Tails ISO image you downloaded and ignore the part on
	verifying the data integrity since you've already done that.</p>
406

Tails developers's avatar
Tails developers committed
407
408
409
410
411
	<h2>Installing onto a USB stick</h2>

	<p><strong>The content of the USB stick will be lost in the
	operation.</strong></p>

412
413
	<ul>
	  <li>An attacker with physical access to your USB stick or through a
Tails developers's avatar
Tails developers committed
414
	  virus could alter your Tails.</li>
415
	  <li>USB sticks can be reused across Tails versions.</li>
Tails developers's avatar
Tails developers committed
416
417
	  <li>USB sticks are smaller to fit in your pocket.</li>
	  <li>Older computers might not be able to start from a USB stick.</li>
418
419
420
421
	  <li>This technique also works for <span
	  class="definition">[[!wikipedia SD_card desc="SD cards"]]</span>. Some
	  SD cards have a read-only switch that can prevent your Tails from
	  being altered.</li>
422
423
424
	</ul>

	<ul>
425
426
	  <li>[[Instructions for Linux|doc/installing_onto_a_usb_stick/linux]]</li>
	  <li>[[Instructions for Windows|doc/installing_onto_a_usb_stick/windows]]</li>
427
	</ul>
T(A)ILS developers's avatar
T(A)ILS developers committed
428
429
430
431

	<p><strong>FIXME:</strong> mention Intel-based Mac users
	sometimes need to upgrade their firmware to get the keyboard
	working in the syslinux boot menu.</p>
432

Tails developers's avatar
Tails developers committed
433
</div> <!-- #support -->
434
435
436

<div id="stay_tuned">

437
	<h1 class="bullet-number-five">Stay tuned</h1>
438

439
440
441
	<p>
	<strong>It's very important to keep your Tails version up-to-date, otherwise
	your system will be vulnerable to numerous security holes.</strong> The
Tails developers's avatar
Tails developers committed
442
	development team is doing its best to release new versions fixing known
443
444
445
446
447
448
449
450
451
452
453
454
	security holes on a regular basis.
	</p>

	<p>New versions are announced on:</p>

	<ul>
	<li>our <a href='https://boum.org/mailman/listinfo/amnesia-news'>news
	mailing-list</a></li>
	<li>our <a href='torrents/rss/index.rss'>RSS</a> and <a
	href='/torrents/rss/index.atom'>Atom</a> feeds that announces new
	available BitTorrent files.</li>
	</ul>
455

456
457
	<p>Refer to our [[security announcements|/security]] feed for more
	detailed information about the security holes affecting Tails.
Tails developers's avatar
Tails developers committed
458
	Furthermore you will be automatically notified of the security holes
459
460
461
462
	affecting the version you are using at the startup of a new Tails
	session.</p>

	<p>Since Tails is based on Debian, it takes advantages of the all of the
Tails developers's avatar
Tails developers committed
463
	work done by the Debian security team. As quoted from <a
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
	href="http://security.debian.org/">(http://security.debian.org/)</a>:</p>

	<blockquote>Debian takes security very seriously. We handle all
	security problems brought to our attention and ensure that they are
	corrected within a reasonable timeframe. Many advisories are coordinated
	with other free software vendors and are published the same day a
	vulnerability is made public and we also have a Security Audit team that
	reviews the archive looking for new or unfixed security bugs.
	</blockquote>

	<blockquote>Experience has shown that "security through obscurity" does
	not work. Public disclosure allows for more rapid and better solutions
	to security problems. In that vein, this page addresses Debian's status
	with respect to various known security holes, which could potentially
	affect Debian.</blockquote>
479

amnesia's avatar
amnesia committed
480
</div> <!-- #stay_tuned-->
481

Tails developers's avatar
Tails developers committed
482
483
<div id="boot">

Tails developers's avatar
Tails developers committed
484
	<h1 class="bullet-number-six">Start Tails!</h1>
Tails developers's avatar
Tails developers committed
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522

	<p>Now that you have a Tails CD or USB stick you can shutdown your
	computer and start using Tails without altering your existing operating
	system.</p>

	<p><strong>If you're using a CD:</strong> Put the Tails CD into the
	CD/DVD-drive and restart the computer. You should see a welcome screen
	prompting you to choose your language.</p>

	<p>If you don't get this menu, you can consult the Ubuntu documentation
	about <a href="https://help.ubuntu.com/community/BootFromCD">booting
	from the CD</a> for more information, especially the part on the <a
	href="https://help.ubuntu.com/community/BootFromCD#BIOS%20is%20not%20set%20to%20boot%20from%20CD%20or%20DVD%20drive">
	BIOS settings</a>.</p>

	<p><strong>If you're using a USB stick:</strong> Shutdown the computer,
	plug in your USB stick and start the computer. You should see a welcome
	screen prompting you to choose your language.</p>

	<p>If your computer does not automatically do so, you might need to edit
	the BIOS settings. Restart your computer, and watch for a message
	telling you which key to press to enter the BIOS setup. It will usually
	be one of F1, F2, DEL, ESC or F10. Press this key while your computer is
	booting to edit your BIOS settings. You need to edit the Boot Order.
	Depending on your computer you should see an entry for 'removable drive'
	or 'USB media'. Move this to the top of the list to force the computer
	to attempt to boot from USB before booting from the hard disk. Save your
	changes and continue.</p>

	<p>For more detailed instruction on how to boot from USB you can read <a
	href="http://pcsupport.about.com/od/tipstricks/ht/bootusbflash.htm">About.com:
	How To Boot your Computer from a Bootable USB Device</a></p>

	<p>If you have problems accessing the BIOS, try to read <a
	href="http://www.pendrivelinux.com/how-to-access-bios/">pendrivelinux.com:
	How to Access BIOS</a></p>

</div><!-- #boot" -->
amnesia's avatar
amnesia committed
523
</div> <!-- #download -->
524