<div id="activate-tails-verification"></div> <!-- Needed to activate the verification extension -->
<div id="extension-version">1.0</div> <!-- Minimum version of the extension -->
<div id="tails-version">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</div>
<h1 class="windows linux mac dvd vm upgrade-tails">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</h1>
<div class="row">

  <div id="direct-download" class="col-md-6"> <!-- Direct download -->
    <h2>Direct download</h2>

    <div class="supported-browser no-js">
      <div id="step-download-direct">
        <h3><span class="step-number"><span class="windows linux mac upgrade-tails">1.</span>1</span>Download Tails</h3>
        <div class="windows linux mac upgrade-tails download-only-img">
          <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
          <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool-on-retry btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
        </div>
        <div class="dvd vm download-only-iso">
          <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
          <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool-on-retry btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
        </div>
        <p id="already-downloaded" class="indent"><a>I already downloaded Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>.</a></p>
      </div>
      <div id="step-verify-direct">
        <h3><span class="step-number"><span class="windows linux mac upgrade-tails">1.</span>2</span>Verify your download using your browser</h3>
        <div class="caution indent">
          <p><b>For your security,<br/>always verify your download!</b></p>
          <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-supported" text="Why?"]]</p>
          <div id="why-verify-supported" class="floating-toggleable">
          [[!toggleable id="why-verify-supported" text="""
          [[!toggle id="why-verify-supported" text="X"]]
          <p>With an unverified download, you might:</p>
          <ul>
            <li>Lose time if your download is incomplete or broken due to an error during the download.
                This is quite frequent.</li>
            <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
                <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
            <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
                <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
          </ul>
          <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
          """]]
          </div>
          <p>Our browser extension makes it quick and easy.</p>
        </div>
        <div id="install-extension" class="indent">
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn supported-browser firefox btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
          <a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn supported-browser chrome btn btn-primary inline-block" target="_blank">Install <u>Tails Verification</u> extension</a>
          <div class="no-js">
            <p>You seem to have JavaScript disabled. To use our browser
               extension, please allow all this page:</p>
            [[!img screenshots/allow_js.png link="no"]]
          </div>
        </div>
        <div id="update-extension" class="indent block">
          <p>Your extension is an older version.</p>
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn firefox btn btn-primary inline-block">Update extension</a>
          <a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn chrome btn btn-primary inline-block" target="_blank">Update extension</a>
        </div>
        <div id="verification" class="indent block">
          <p id="extension-installed" class="block"><u>Tails Verification</u> extension installed!</p>
          <label id="verify-download-wrapper" class="btn btn-primary inline-block">
            Verify Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>&hellip;
            <input id="verify-download" type="file"/>
          </label>
          <div id="verifying-download" class="indent block">
            <p>Verifying <span id="filename">$FILENAME</span>&hellip;</p>
            <div class="progress">
              <div id="progress-bar" class="progress-bar" role="progressbar" style="width: 0%" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100"></div>
            </div>
          </div>
          <p id="verification-successful" class="block">Verification successful!</p>
          <div id="verification-failed" class="block">
            <p><b>Verification failed!</b></p>
            <p class="floating-toggleable-link why-failed-link">[[!toggle id="why-failed" text="Why?"]]</p>
            <div id="why-failed" class="floating-toggleable">
            [[!toggleable id="why-failed" text="""
            [[!toggle id="why-failed" text="X"]]
            <p>Most likely, the verification failed because of an error
            or interruption during the download.</p>

	    <p>The verification also fails if you try to verify a different
            download than the latest version (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>).</p>

            <p>Less likely, the verification might have failed because
            of a malicious download from our download mirrors or due to
            a network attack in your country or local network.</p>

            <p>Downloading again is usually enough to fix this
            problem.</p>
            <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
            """]]
            </div>
            <p class="windows linux mac upgrade-tails download-only-img"><a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
            <p class="dvd vm download-only-iso"><a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
          </div>
          <div id="verification-failed-again" class="block">
            <p><b>Verification failed again!</b></p>
            <p class="floating-toggleable-link why-failed-again-link">[[!toggle id="why-failed-again" text="Why?"]]</p>
            <div id="why-failed-again" class="floating-toggleable">
            [[!toggleable id="why-failed-again" text="""
            [[!toggle id="why-failed-again" text="X"]]
            <p>The verification might have failed again because of:</p>
            <ul>
              <li>A software problem in our verification extension</li>
              <li>A malicious download from our download mirrors</li>
              <li>A network attack in your country or local network</li>
            </ul>
            <p>Trying from a different place or a different computer might solve any of these issues.</p>
            """]]
            </div>
            <p>Please try to download again from a different place or a different computer&hellip;</p>
          </div>
        </div>
      </div>

      <div id="step-continue-direct">
        <h3><span class="step-number"><span class="windows linux mac upgrade-tails">1.</span>3</span>Continue
          <span class="windows linux mac">installing</span>
          <span class="upgrade-tails">upgrading</span>
          <span class="download-only-img download-only-iso">installing or upgrading</span></h3>
      </div>
      <div id="continue-link-direct" class="indent">
        <div id="skip-download-direct">
          <span class="windows">[[Skip download|win/usb]]</span>
          <span class="linux">[[Skip download|linux/usb]]</span>
          <span class="mac">[[Skip download|mac/usb]]</span>
          <span class="dvd">[[Skip download|dvd]]</span>
          <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
          <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
        </div>
        <div id="skip-verification-direct" class="block">
          <div class="windows">[[Skip verification!|win/usb]]</div>
          <div class="linux">[[Skip verification!|linux/usb]]</div>
          <div class="mac">[[Skip verification!|mac/usb]]</div>
          <div class="dvd">[[Skip verification!|dvd]]</div>
          <div class="vm">[[Skip verification!|doc/advanced_topics/virtualization]]</div>
          <div class="upgrade-tails">[[Skip verification!|upgrade/tails]]</div>
        </div>
        <div id="next-direct">
          <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
          <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
          <div class="mac">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
          <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
          <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
          <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
          <ul class="download-only-img">
            <p>Upgrade your Tails USB stick and keep your persistent storage:</p>
            <ul>
              <li>[[Upgrade inside Tails|upgrade/tails]]</li>
            </ul>
            <p>Install a new USB stick:</p>
            <ul>
              <li>[[Install from Windows|install/win/usb]]</li>
              <li>[[Install from macOS|install/mac/usb]]</li>
              <li>[[Install from Linux|install/linux/usb]]</li>
            </ul>
          </ul>
          <ul class="download-only-iso">
            <li>[[Burn on a DVD|dvd]]</li>
            <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
          </ul>
        </div>
      </div>
    </div> <!-- Supported browser & No JS -->
    <div class="outdated-browser unsupported-browser">
      <p>You are using <u><b><span id="detected-browser">$DETECTED-BROWSER</span></b></u>.</p>
      <p>Direct download is only available for:</p>
      <ul>
        <li>Firefox <span id="min-version-firefox">$MINVER-FIREFOX</span> and later (<a href="https://www.mozilla.org/firefox/new/">Download</a>)</li>
        <li>Chrome <span id="min-version-chrome">$MINVER-CHROME</span> and later (<a href="https://www.google.com/chrome/">Download</a>)</li>
        <li>Tor Browser <span id="min-version-tor-browser">$MINVER-TOR-BROWSER</span> and later (<a href="https://www.torproject.org/download/download-easy.html">Download</a>)</li>
      </ul>
    </div>
    <div class="outdated-browser">
      <p>Please update your browser to the latest version.</p>
    </div>
    <div class="unsupported-browser">
      <div class="caution">
        <p><b>For your security,<br/>always verify your download!</b></p>
        <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-unsupported" text="Why?"]]</p>
        <div id="why-verify-unsupported" class="floating-toggleable">
        [[!toggleable id="why-verify-unsupported" text="""
        [[!toggle id="why-verify-unsupported" text="X"]]
        <p>With an unverified download, you might:</p>
        <ul>
          <li>Lose time if your download is incomplete or broken due to an error during the download.
              This is quite frequent.</li>
          <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
              <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
          <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
              <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
        </ul>
        <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
        """]]
        </div>
        <p>Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.</p>
      </div>
      <p>Copy and paste this link in Firefox, Chrome, or Tor Browser:</p>
      <p class="windows"><code>https://tails.boum.org/install/win/usb-download/</code></p>
      <p class="linux"><code>https://tails.boum.org/install/linux/usb-download/</code></p>
      <p class="mac"><code>https://tails.boum.org/install/mac/usb-download/</code></p>
      <p class="upgrade-tails"><code>https://tails.boum.org/upgrade/tails-download/</code></p>
      <p class="dvd"><code>https://tails.boum.org/install/dvd-download/</code></p>
      <p class="vm"><code>https://tails.boum.org/install/vm-download/</code></p>
      <p class="download-only-img"><code>https://tails.boum.org/install/download/</code></p>
      <p class="download-only-iso"><code>https://tails.boum.org/install/download-iso/</code></p>
    </div> <!-- Outdated browser -->
  </div> <!-- Direct download -->
  <div id="bittorrent-download" class="col-md-6">
    <h2>BitTorrent download</h2>
    <p class="floating-toggleable-link what-is-bittorrent-link">[[!toggle id="what-is-bittorrent" text="What is BitTorrent?"]]</p>

    <div id="what-is-bittorrent" class="floating-toggleable">
    [[!toggleable id="what-is-bittorrent" text="""
    [[!toggle id="what-is-bittorrent" text="X"]]
    <p>BitTorrent is a peer-to-peer technology for file sharing that makes your
    download faster and easier to resume.</p>

    <p>You need to install BitTorrent software on your computer, like
    <a href="https://transmissionbt.com/">Transmission</a> (for Windows, macOS, and Linux).</p>

    <p>BitTorrent doesn't work over Tor or in Tails.</p>
    """]]
    </div>
    <div id="step-download-torrent">
      <h3><span class="step-number"><span class="windows linux mac upgrade-tails">1.</span>1</span>Download Tails (Torrent file)</h3>
      <div class="windows linux mac upgrade-tails download-only-img">
        <a href="[[!inline pages="inc/stable_amd64_img_torrent_url" raw="yes" sort="age"]]" id="download-img-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file for USB image</a>
      </div>
      <div class="dvd vm download-only-iso">
        <a href="[[!inline pages="inc/stable_amd64_iso_torrent_url" raw="yes" sort="age"]]" id="download-iso-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file for ISO image</a>
      </div>
    </div>
    <div id="step-verify-bittorrent">
      <h3><span class="step-number"><span class="windows linux mac upgrade-tails">1.</span>2</span>Verify your download using BitTorrent</h3>
      <p class="indent">Your BitTorrent client will automatically verify your download when it is complete.</p>
    </div>
    <div id="step-continue-bittorrent">
      <h3><span class="step-number"><span class="windows linux mac dvd vm upgrade-tails">1.</span>3</span>Continue
          <span class="windows linux mac">installing</span>
          <span class="upgrade-tails">upgrading</span>
          <span class="download-only-img download-only-iso">installing or upgrading</span></h3>
      <p class="windows linux mac dvd vm upgrade-tails indent">Open and download
      the Torrent file with your BitTorrent client. It contains the
      Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]
      <span class="windows linux mac upgrade-tails">USB</span>
      <span class="dvd vm">ISO</span>
      image that you will use in the next step.</p>
    </div>
    <div id="continue-link-bittorrent" class="indent">
      <div id="skip-download-bittorrent">
        <span class="windows">[[Skip download|win/usb]]</span>
        <span class="linux">[[Skip download|linux/usb]]</span>
        <span class="mac">[[Skip download|mac/usb]]</span>
        <span class="dvd">[[Skip download|dvd]]</span>
        <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
        <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
      </div>
      <div id="next-bittorrent">
        <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
        <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
        <div class="mac">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
        <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
        <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
        <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
        <ul class="download-only-img">
          <p>Upgrade your Tails USB stick and keep your persistent storage:</p>
          <ul>
            <li>[[Upgrade inside Tails|upgrade/tails]]</li>
          </ul>
          <p>Install a new USB stick:</p>
          <ul>
            <li>[[Install from Windows|install/win/usb]]</li>
            <li>[[Install from macOS|install/mac/usb]]</li>
            <li>[[Install from Linux|install/linux/usb]]</li>
          </ul>
        </ul>
        <ul class="download-only-iso">
          <li>[[Burn on a DVD|dvd]]</li>
          <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
        </ul>
      </div>
    </div>
  </div> <!-- BitTorrent download -->
</div>
<div id="openpgp">

<h2>Verify using OpenPGP (optional)</h2>
<p>If you know OpenPGP, you can also verify your download using an
OpenPGP signature instead of, or in addition to, our browser extension or
BitTorrent.</p>
<ol>
  <li>
   <p>Download and import the [[Tails signing key|tails-signing.key]].</p>
  </li>
  <li>
   <p>Download the
   <a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
   <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
   and save it to the same folder where
   you saved the image.</p>
  </li>
</ol>
<h3>Basic OpenPGP verification</h3>
[[!toggle id="basic-openpgp" text="See instructions for basic OpenPGP verification."]]
[[!toggleable id="basic-openpgp" text="""
<span class="hide">[[!toggle id="basic-openpgp" text=""]]</span>
<p>This section provides simplified instructions:</p>
<ul>
  <li><a href="#windows">In Windows with <span class="application">Gpg4win</span></a></li>
  <li><a href="#mac">In macOS with <span class="application">GPGTools</span></a></li>
  <li><a href="#tails">In Tails</a></li>
  <li><a href="#command-line">Using the command line</a></li>
</ul>

<a id="windows"></a>

<h3>In Windows with <span class="application">Gpg4win</span></h3>
<p>See the [[<span class="application">Gpg4win</span> documentation on
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
<p>Verify that the date of the signature is at most five days earlier than
the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
<p>If the following warning appears:</p>

<pre>
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>

<p>Then the image is still correct according to the signing key that you
downloaded. To remove this warning you need to <a href="#wot">authenticate the
signing key through the OpenPGP Web of Trust</a>.</p>

<a id="mac"></a>

<h3>In macOS using <span class="application">GPGTools</span></h3>
<ol>
  <li>
   Open <span class="application">Finder</span> and navigate to the
   folder where you saved the image and the signature.
  </li>
  <li>
   Right-click on the image and choose
   <span class="guimenuchoice">
     <span class="guisubmenu">Services</span>
     <span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.
  </li>
</ol>

<a id="tails"></a>

<h3>In Tails</h3>
<ol>
  <li>
   Open the file browser and navigate to the folder where you saved the
   image and the signature.
  </li>
  <li>
   Right-click on the signature and choose <span class="guimenuitem">Open With
   Verify Signature</span>.
  </li>
  <li>
   The verification of the image starts automatically:
   <p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
  </li>
  <li>
   After the verification finishes, you should see a notification that the
   signature is good:
   <p class="windows linux mac upgrade-tails download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_notification.png link="no"]]</p>
   <p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_notification.png link="no"]]</p>
   <p>Verify that the date of the signature is at most five days earlier
   than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
  </li>
</ol>

<a id="command-line"></a>

<h3>Using the command line</h3>
<ol>

  <li>
   Open a terminal and navigate to the folder where you saved the
   image and the signature.
  </li>
  <li>
   <p>Execute:</p>
   <p class="windows linux mac upgrade-tails download-only-img pre">[[!inline pages="inc/stable_amd64_img_gpg_verify" raw="yes" sort="age"]]</p>
   <p class="dvd vm download-only-iso pre">[[!inline pages="inc/stable_amd64_iso_gpg_verify" raw="yes" sort="age"]]</p>
   <p>The output of this command should be the following:</p>
   <p class="windows linux mac upgrade-tails download-only-img pre">[[!inline pages="inc/stable_amd64_img_gpg_signature_output" raw="yes" sort="age"]]</p>
   <p class="dvd vm download-only-iso pre">[[!inline pages="inc/stable_amd64_iso_gpg_signature_output" raw="yes" sort="age"]]</p>
   <p>Verify that the date of the signature is at most five days
   earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
   <p>If the output also includes:</p>
   <p class="pre">
   gpg: WARNING: This key is not certified with a trusted signature!<br/>
   gpg:          There is no indication that the signature belongs to the owner.<br/>
   </p>
   <p>Then the image is still correct according to the signing key that you
   downloaded. To remove this warning you need to <a href="#wot">authenticate
   the signing key through the OpenPGP Web of Trust</a>.</p>
  </li>
</ol>

"""]]

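<p>Added example (not part of the Tails documentation or tooling): the checks from the command-line instructions above, applied to the machine-readable output of <code>gpg --status-fd</code> rather than read by eye. It requires exactly one good signature, compares the primary key fingerprint with the one you supply, and enforces the five-day window against the release date. The function names, the sample status lines and both fingerprints are constructed placeholders, and rejecting a signature dated after the release is an assumption.</p>

```python
import subprocess
from datetime import date, datetime, timezone

# From the page: the signature date must be "at most five days earlier"
# than the release date of the latest version.
MAX_DAYS_BEFORE_RELEASE = 5

# Status keywords that mean the signature, or the key that made it, is not
# acceptable. gpg can emit VALIDSIG together with EXPSIG, EXPKEYSIG or
# REVKEYSIG, so VALIDSIG alone is not enough.
REJECTED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of `gpg --status-fd 1 --verify` output. Both
# fingerprints are placeholders, not the real Tails signing key.
PLACEHOLDER_PRIMARY_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-08 1704715200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""


def _signature_date(timestamp):
    """Convert the VALIDSIG timestamp (epoch seconds or ISO 8601) to a UTC date."""
    if "T" in timestamp:
        moment = datetime.strptime(timestamp, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    else:
        moment = datetime.fromtimestamp(int(timestamp), tz=timezone.utc)
    return moment.date()


def check_status(status_text, expected_primary_fpr, release_date):
    """Return (ok, reason) for the status lines of one `gpg --verify` run."""
    keywords, validsigs = set(), []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":
            keywords.add(fields[1])
            if fields[1] == "VALIDSIG":
                validsigs.append(fields[2:])
    bad = keywords & REJECTED
    if bad:
        return False, "gpg reported " + ", ".join(sorted(bad))
    if "GOODSIG" not in keywords or len(validsigs) != 1:
        return False, "expected exactly one good signature"
    args = validsigs[0]
    if len(args) < 3:
        return False, "malformed VALIDSIG line"
    # The signature may be made by a subkey; the tenth argument, when
    # present, is the fingerprint of the primary key it belongs to.
    primary = args[9] if len(args) >= 10 else args[0]
    if primary.upper() != expected_primary_fpr.replace(" ", "").upper():
        return False, "signature made by an unexpected key"
    try:
        signed_on = _signature_date(args[2])
    except ValueError:
        return False, "malformed signature timestamp"
    # Assumption: a signature dated after the release is rejected too.
    days_before = (release_date - signed_on).days
    if not 0 <= days_before <= MAX_DAYS_BEFORE_RELEASE:
        return False, f"signature dated {signed_on}, outside the five-day window"
    # TRUST_* lines describe Web of Trust validity of the key (the gpg
    # WARNING quoted above) and are deliberately not evaluated here.
    return True, f"good signature dated {signed_on}"


def verify_image(image_path, sig_path, expected_primary_fpr, release_date):
    """Run gpg on a detached signature and apply check_status to its output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, image_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True, check=False,
    )
    if proc.returncode != 0:
        return False, "gpg exited with an error"
    return check_status(proc.stdout, expected_primary_fpr, release_date)


if __name__ == "__main__":
    print(check_status(SAMPLE_STATUS, PLACEHOLDER_PRIMARY_FPR, date(2024, 1, 10)))
```

<p>Pass <code>verify_image</code> the fingerprint you obtained and authenticated yourself; the check is only as strong as that value.</p>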
<a id="wot"></a>

<h3>Authenticate the signing key through the OpenPGP Web of Trust</h3>
<p>Authenticating our signing key through the OpenPGP Web of Trust is
the only way that you can be protected in case our website is
compromised or if you are a victim of a [[man-in-the-middle attack|doc/about/warning#man-in-the-middle]].
However, it is complicated to do and it might not be
possible for everyone because it relies on trust relationships between
individuals.</p>

[[!toggle id="web-of-trust" text="Read more about authenticating the Tails signing key through the OpenPGP Web of Trust."]]

[[!toggleable id="web-of-trust" text="""
<span class="hide">[[!toggle id="web-of-trust" text=""]]</span>

<p>The verification techniques that we present (browser extension,
BitTorrent, or OpenPGP verification) all rely on some
information being securely downloaded using HTTPS from our website:</p>
<ul>
  <li>The <em>checksum</em> for the Firefox extension</li>
  <li>The <em>Torrent file</em> for BitTorrent</li>
  <li>The <em>Tails signing key</em> for OpenPGP verification</li>
</ul>
<p>It is possible that you could download malicious information if our
website is compromised or if you are a victim of a man-in-the-middle
attack.</p>
<p>OpenPGP verification is the only technique that protects you if
our website is compromised or if you are a victim of a man-in-the-middle
attack. But, for that you need to authenticate the Tails signing key
through the OpenPGP Web of Trust.</p>

<div class="note">

<p>If you are verifying an image from inside Tails, for
example, to do a manual upgrade, then you already have the Tails signing key.
You can trust this signing key as much as you already trust your
Tails installation since this signing key is included in your Tails
installation.</p>

</div>

<p>One of the inherent problems of standard HTTPS is that the trust put
in a website is defined by certificate authorities: a hierarchical and closed
set of companies and governmental institutions approved by your web browser vendor.
This model of trust has long been criticized and proved several times to be
vulnerable to attacks [[as explained on our warning page|doc/about/warning#man-in-the-middle]].</p>
<p>We believe that, instead, users should be given the final say when trusting a
website, and that designation of trust should be done on the basis of human
interactions.</p>
<p>The OpenPGP [[!wikipedia Web_of_Trust]] is a
decentralized trust model based on OpenPGP keys that can help with solving
this problem. Let's see this with an example:</p>
<ol>
  <li>
   <em>You are friends with Alice and you really trust her way of making sure
   that OpenPGP keys actually belong to their owners.</em>
  </li>
  <li>
   <em>Alice met Bob, a Tails developer, at a conference and certified
   Bob's key as actually belonging to Bob.</em>
  </li>
  <li>
    <em>Bob is a Tails developer who directly owns the Tails signing key. So,
    Bob has certified the Tails signing key as actually belonging to Tails.</em>
  </li>
</ol>
<p>In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key
without the need to rely on certificate authorities.</p>

<div class="tip">

<p>If you are on Debian, Ubuntu, or Linux Mint, you can install the
<code>debian-keyring</code> package which contains the OpenPGP keys of
all Debian developers. Some Debian developers have certified the Tails
signing key and you can use these certifications to build a trust path.
This technique is explained in detail in our instructions on
[[installing Tails from Debian, Ubuntu, or Linux Mint using the command
line|install/expert/usb]].</p>

</div>

<p>Relying on the Web of Trust requires both caution and intelligent supervision
by the users. The technical details are outside of the scope of this document.</p>
<p>Since the Web of Trust is based on actual human relationships and
real-life interactions, it is best to get in touch with people
knowledgeable about OpenPGP and build trust relationships in order to
find your own trust path to the Tails signing key.</p>
<p>For example, you can start by contacting a local [[!wikipedia Linux_User_Group]],
[[an organization offering Tails training|support/learn]], or other Tails
enthusiasts near you and discussing their OpenPGP practices with them.</p>

<div class="tip">

<p>After you build a trust path, you can certify the Tails signing key by
signing it with your own key to get rid of some warnings during the
verification process.</p>

</div>

"""]]

</div>