download_2.inline.html 26.7 KB
Newer Older
sajolida's avatar
sajolida committed
1
<div id="activate-tails-verification"></div> <!-- Needed to activate the verification extension -->
2
<div id="extension-version">0.94</div> <!-- Minimum version of the extension -->
3

4
<h1 class="debian windows linux mac-usb mac-dvd dvd vm upgrade-tails">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</h1>
5

6
7
<div class="row">

8
  <div id="direct-download" class="col-md-6"> <!-- Direct download -->
9
10
    <h2>Direct download</h2>

11
    <div class="supported-browser no-js">
12
13
      <div id="step-download-iso">
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>1</span>Download Tails</h3>
14
        <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
15
        <p id="already-downloaded" class="indent"><a>I already downloaded Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]].</a></p>
16
      </div>
17

18
      <div id="step-verify-direct">
sajolida's avatar
sajolida committed
19
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>2</span>Verify your download using your browser</h3>
20
        <div class="caution indent">
21
          <p><b>For your security,<br/>always verify your download!</b></p>
22
          <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-supported" text="Why?"]]</p>
23
24
25
          <div id="why-verify-supported" class="floating-toggleable">
          [[!toggleable id="why-verify-supported" text="""
          [[!toggle id="why-verify-supported" text="X"]]
26
          <p>With an unverified download, you might:</p>
27
          <ul>
28
            <li>Lose time if your download is incomplete or broken due to an error during the download.
29
                This is quite frequent.</li>
30
            <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
31
                <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
32
            <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
33
34
35
36
                <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
          </ul>
          """]]
          </div>
37
          <p>Our browser extension makes it quick and easy.</p>
38
        </div>
39
        <div id="install-extension" class="indent">
40
41
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn supported-browser firefox btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
          <a class="install-extension-btn supported-browser chrome btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
42
43
44
45
46
          <div class="no-js">
            <p>You seem to have JavaScript disabled. To use our browser
               extension, please allow all this page:</p>
            [[!img screenshots/allow_js.png link="no"]]
          </div>
47
        </div>
48
49
        <div id="update-extension" class="indent block">
          <p>Your extension is an older version.</p>
50
51
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn firefox btn btn-primary inline-block">Update extension</a>
          <a class="install-extension-btn chrome btn btn-primary inline-block">Update extension</a>
52
53
        </div>
        <div id="verification" class="indent block">
54
          <p id="extension-installed" class="block"><u>Tails Verification</u> extension Installed!</p>
55
          <label id="verify-download-wrapper" class="btn btn-primary inline-block">
56
57
58
            Verify download&hellip;
            <input id="verify-download" type="file"/>
          </label>
sajolida's avatar
sajolida committed
59
          <div id="verifying-download" class="indent block">
60
            <p>Verifying <span id="filename">$FILENAME</span>&hellip;</p>
sajolida's avatar
sajolida committed
61
62
63
64
            <div class="progress">
              <div id="progress-bar" class="progress-bar" role="progressbar" style="width: 0%" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100"></div>
            </div>
          </div>
65
          <p id="verification-successful" class="block">Verification successful!</p>
66
          <div id="verification-failed" class="block">
67
            <p><b>Verification failed!</b></p>
68
            <p class="floating-toggleable-link why-failed-link">[[!toggle id="why-failed" text="Why?"]]</p>
69
70
71
72
73
74
75
76
77
78
79
80
81
82
            <div id="why-failed" class="floating-toggleable">
            [[!toggleable id="why-failed" text="""
            [[!toggle id="why-failed" text="X"]]
            <p>Most likely, the verification failed because of an error
            or interruption during the download.</p>

            <p>Less likely, the verification might have failed because
            of a malicious download from our download mirrors or due to
            a network attack in your country or local network.</p>

            <p>Downloading again is usually enough to fix this
            problem.</p>
            """]]
            </div>
83
            <p><a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso-again" class="use-mirror-pool">Please try to download again&hellip;</a></p>
84
          </div>
85
          <div id="verification-failed-again" class="block">
86
            <p><b>Verification failed again!</b></p>
87
            <p class="floating-toggleable-link why-failed-again-link">[[!toggle id="why-failed-again" text="Why?"]]</p>
88
89
90
91
92
93
94
95
96
97
98
99
            <div id="why-failed-again" class="floating-toggleable">
            [[!toggleable id="why-failed-again" text="""
            [[!toggle id="why-failed-again" text="X"]]
            <p>The verification might have failed again because of:</p>
            <ul>
              <li>A software problem in our verification extension</li>
              <li>A malicious download from our download mirrors</li>
              <li>A network attack in your country or local network</li>
            </ul>
            <p>Trying from a different place or a different computer might solve any of these issues.</p>
            """]]
            </div>
100
            <p>Please try to download again from a different place or a different computer&hellip;</p>
101
102
          </div>
        </div>
103
104
      </div>

105
      <div id="step-continue-direct">
sajolida's avatar
sajolida committed
106
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>3</span>Continue
107
108
109
          <span class="debian windows linux mac-usb mac-dvd">installing</span>
          <span class="upgrade-tails">upgrading</span>
          <span class="download-only">installing or upgrading</span></h3>
110
      </div>
111
      <div id="continue-link-direct" class="indent">
112
113
114
115
116
117
        <div id="skip-download-direct">
          <span class="debian">[[Skip download|debian/usb]]</span>
          <span class="windows">[[Skip download|win/usb]]</span>
          <span class="linux">[[Skip download|linux/usb]]</span>
          <span class="mac-usb">[[Skip download|mac/usb]]</span>
          <span class="mac-dvd">[[Skip download|mac/dvd]]</span>
118
119
          <span class="dvd">[[Skip download|dvd]]</span>
          <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
120
121
          <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
        </div>
122
        <div id="skip-verification-direct" class="block">
sajolida's avatar
sajolida committed
123
124
125
126
127
128
129
130
          <div class="debian">[[Skip verification!|debian/usb]]</div>
          <div class="windows">[[Skip verification!|win/usb]]</div>
          <div class="linux">[[Skip verification!|linux/usb]]</div>
          <div class="mac-usb">[[Skip verification!|mac/usb]]</div>
          <div class="mac-dvd">[[Skip verification!|mac/dvd]]</div>
          <div class="dvd">[[Skip verification!|dvd]]</div>
          <div class="vm">[[Skip verification!|doc/advanced_topics/virtualization]]</div>
          <div class="upgrade-tails">[[Skip verification!|upgrade/tails]]</div>
131
        </div>
132
        <div id="next-direct">
133
134
135
136
137
138
139
140
          <div class="debian">[[<div class="btn btn-primary inline-block">Next: Install <em>Tails Installer</em> (<span class="next-counter"></span>)</div>|debian/usb]]</div>
          <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
          <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
          <div class="mac-usb">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
          <div class="mac-dvd">[[<div class="btn btn-primary inline-block">Next: Burn a Tails DVD (<span class="next-counter"></span>)</div>|mac/dvd]]</div>
          <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
          <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
          <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
141
          <ul class="download-only">
sajolida's avatar
sajolida committed
142
143
144
145
146
147
148
149
            <li>[[Install from Windows|install/win/usb]]</li>
            <li>[[Install from Debian, Ubuntu, or Mint|install/debian/usb]]</li>
            <li>[[Install from other Linux distributions|install/linux/usb]]</li>
            <li>[[Install from macOS by burning a DVD first|install/mac/dvd]]</li>
            <li>[[Install from macOS and the command line|install/mac/usb]]</li>
            <li>[[Burn on a DVD|dvd]]</li>
            <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
            <li>[[Upgrade inside Tails|upgrade/tails]]</li>
150
          </ul>
151
        </div>
152
      </div>
153
    </div> <!-- Supported browser & No JS -->
154

sajolida's avatar
sajolida committed
155
    <div class="outdated-browser unsupported-browser">
sajolida's avatar
sajolida committed
156
157
158
      <p>You are using <u><b><span id="detected-browser">$DETECTED-BROWSER</span></b></u>.</p>
      <p>Direct download is only available for:</p>
      <ul>
159
        <li>Firefox <span id="min-version-firefox">$MINVER-FIREFOX</span> and later (<a href="https://www.mozilla.org/firefox/new/">Download</a>)</li>
160
        <li>Chrome<span id="min-version-chrome">$MINVER-CHROME</span> and later (<a href="https://www.google.com/chrome/">Download</a>)</li>
161
        <li>Tor Browser <span id="min-version-tor-browser">$MINVER-TOR-BROWSER</span> and later (<a href="https://www.torproject.org/download/download-easy.html">Download</a>)</li>
sajolida's avatar
sajolida committed
162
      </ul>
163
164
165
166
167
168
    </div>
    <div class="outdated-browser">
      <p>Please update your browser to the latest version.</p>
    </div>
    <div class="unsupported-browser">
      <div class="caution">
169
        <p><b>For your security,<br/>always verify your download!</b></p>
170
        <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-unsupported" text="Why?"]]</p>
171
172
173
174
175
176
177
178
179
180
181
182
183
184
        <div id="why-verify-unsupported" class="floating-toggleable">
        [[!toggleable id="why-verify-unsupported" text="""
        [[!toggle id="why-verify-unsupported" text="X"]]
        <p>With an unverified download, you might:</p>
        <ul>
          <li>Lose time if your download is incomplete or broken due to an error during the download.
              This is quite frequent.</li>
          <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
              <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
          <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
              <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
        </ul>
        """]]
        </div>
185
        <p>Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.</p>
sajolida's avatar
sajolida committed
186
      </div>
187
      <p>Copy and paste this link in Firefox, Chrome, or Tor Browser:</p>
188
189
190
191
192
193
194
195
196
      <p class="debian"><code>https://tails.boum.org/install/debian/usb-download/</code></p>
      <p class="windows"><code>https://tails.boum.org/install/win/usb-download/</code></p>
      <p class="linux"><code>https://tails.boum.org/install/linux/usb-download/</code></p>
      <p class="mac-usb"><code>https://tails.boum.org/install/mac/usb-download/</code></p>
      <p class="mac-dvd"><code>https://tails.boum.org/install/mac/dvd-download/</code></p>
      <p class="upgrade-tails"><code>https://tails.boum.org/upgrade/tails-download/</code></p>
      <p class="dvd"><code>https://tails.boum.org/install/dvd-download/</code></p>
      <p class="vm"><code>https://tails.boum.org/install/vm-download/</code></p>
      <p class="download-only"><code>https://tails.boum.org/install/download/</code></p>
197
198
    </div> <!-- Outdated browser -->
  </div> <!-- Direct download -->
199

200
  <div id="bittorrent-download" class="col-md-6">
201
    <h2>BitTorrent download</h2>
202
    <p class="floating-toggleable-link what-is-bittorrent-link">[[!toggle id="what-is-bittorrent" text="What is BitTorrent?"]]</p>
203
204
205
206
207
208
209

    <div id="what-is-bittorrent" class="floating-toggleable">
    [[!toggleable id="what-is-bittorrent" text="""
    [[!toggle id="what-is-bittorrent" text="X"]]
    <p>BitTorrent is a peer-to-peer technology for file sharing that makes your
    download faster and easier to resume.</p>

sajolida's avatar
sajolida committed
210
    <p>You need to install BitTorrent software on your computer, like
211
212
213
214
215
    <a href="https://transmissionbt.com/">Transmission</a> (for Windows, macOS, and Linux).</p>

    <p>BitTorrent doesn't work over Tor or in Tails.</p>
    """]]
    </div>
216

217
218
    <div id="step-download-torrent">
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>1</span>Download Tails (Torrent file)</h3>
219
      <a href="[[!inline pages="inc/stable_amd64_torrent_url" raw="yes" sort="age"]]" id="download-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file</a>
220
    </div>
221

222
    <div id="step-verify-bittorrent">
sajolida's avatar
sajolida committed
223
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>2</span>Verify your download using BitTorrent</h3>
224
225
      <p class="indent">Your BitTorrent client will automatically verify your download when it is complete.</p>
    </div>
226

227
    <div id="step-continue-bittorrent">
sajolida's avatar
sajolida committed
228
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>3</span>Continue
229
230
231
          <span class="debian windows linux mac-usb mac-dvd">installing</span>
          <span class="upgrade-tails">upgrading</span>
          <span class="download-only">installing or upgrading</span></h3>
232
233
234
235
      <p class="debian windows linux mac-usb mac-dvd upgrade-tails indent">Open and download
      the Torrent file with your BitTorrent client. It contains the
      Tails [[!inline pages="inc/stable_amd64_version" raw="yes"
      sort="age"]] ISO image that you will use in the next step.</p>
236
    </div>
237
    <div id="continue-link-bittorrent" class="indent">
238
239
240
241
242
243
      <div id="skip-download-bittorrent">
        <span class="debian">[[Skip download|debian/usb]]</span>
        <span class="windows">[[Skip download|win/usb]]</span>
        <span class="linux">[[Skip download|linux/usb]]</span>
        <span class="mac-usb">[[Skip download|mac/usb]]</span>
        <span class="mac-dvd">[[Skip download|mac/dvd]]</span>
sajolida's avatar
sajolida committed
244
245
        <span class="dvd">[[Skip download|dvd]]</span>
        <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
246
247
        <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
      </div>
248
      <div id="next-bittorrent">
249
250
251
252
253
254
255
256
        <div class="debian">[[<div class="btn btn-primary inline-block">Next: Install <em>Tails Installer</em> (<span class="next-counter"></span>)</div>|debian/usb]]</div>
        <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
        <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
        <div class="mac-usb">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
        <div class="mac-dvd">[[<div class="btn btn-primary inline-block">Next: Burn a Tails DVD (<span class="next-counter"></span>)</div>|mac/dvd]]</div>
        <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
        <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
        <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
257
        <ul class="download-only">
sajolida's avatar
sajolida committed
258
259
260
261
262
263
264
265
          <li>[[Install from Windows|install/win/usb]]</li>
          <li>[[Install from Debian, Ubuntu, or Mint|install/debian/usb]]</li>
          <li>[[Install from other Linux distributions|install/linux/usb]]</li>
          <li>[[Install from macOS by burning a DVD first|install/mac/dvd]]</li>
          <li>[[Install from macOS and the command line|install/mac/usb]]</li>
          <li>[[Burn on a DVD|dvd]]</li>
          <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
          <li>[[Upgrade inside Tails|upgrade/tails]]</li>
266
        </ul>
267
      </div>
268
    </div>
269
  </div> <!-- BitTorrent download -->
270

271
</div>
272

273
274
275
<div id="openpgp">

<h2>Verify using OpenPGP (optional)</h2>
276

277
278
279
<p>If you know OpenPGP, you can also verify your download using an
OpenPGP signature instead, or in addition to, our browser extension or
BitTorrent.</p>
280

sajolida's avatar
sajolida committed
281
282
<ol>
  <li>
283
   <p>Download the [[Tails signing key|tails-signing.key]].</p>
sajolida's avatar
sajolida committed
284
  </li>
285

sajolida's avatar
sajolida committed
286
287
  <li>
   <p>Download the <a href='[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]'>
288
289
   Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] OpenPGP signature</a>
   and save it to the same folder where
sajolida's avatar
sajolida committed
290
291
   you saved the ISO image.</p>
  </li>
292
</ol>
293

294
<h3>Basic OpenPGP verification</h3>
295

296
297
298
299
<p>Verifying using OpenPGP but without authenticating our signing key
through the OpenPGP Web of Trust is equivalent in terms of security to
verifying using our browser extension or BitTorrent because it relies on
downloading a genuine signing key from our website.</p>
sajolida's avatar
sajolida committed
300

301
[[!toggle id="basic-openpgp" text="See instructions for basic OpenPGP verification."]]
302

303
304
[[!toggleable id="basic-openpgp" text="""
<span class="hide">[[!toggle id="basic-openpgp" text=""]]</span>
305

sajolida's avatar
sajolida committed
306
<p>This section provides simplified instructions:</p>
307

sajolida's avatar
sajolida committed
308
309
310
311
312
313
<ul>
  <li><a href="#windows">In Windows with <span class="application">Gpg4win</span></a></li>
  <li><a href="#mac">In macOS with <span class="application">GPGTools</span></a></li>
  <li><a href="#tails">In Tails</a></li>
  <li><a href="#command-line">Using the command line</a></li>
</ul>
314
315
316

<a id="windows"></a>

sajolida's avatar
sajolida committed
317
<h3>In Windows with <span class="application">Gpg4win</span></h3>
318

sajolida's avatar
sajolida committed
319
320
<p>See the [[<span class="application">Gpg4win</span> documentation on
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
321

sajolida's avatar
sajolida committed
322
<p>Verify the date of the signature to make sure that you downloaded the latest version.</p>
323

sajolida's avatar
sajolida committed
324
<p>If the following warning appears:</p>
325
326
327
328
329
330
331

<pre>
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>

sajolida's avatar
sajolida committed
332
<p>Then the ISO image is still correct according to the signing key that you
333
downloaded. To remove this warning you need to <a href="#wot">authenticate the
sajolida's avatar
sajolida committed
334
signing key through the OpenPGP Web of Trust</a>.</p>
335
336
337

<a id="mac"></a>

sajolida's avatar
sajolida committed
338
<h3>In macOS using <span class="application">GPGTools</span></h3>
339

sajolida's avatar
sajolida committed
340
341
342
<ol>
  <li>
   Open <span class="application">Finder</span> and navigate to the
343
   folder where you saved the ISO image and the signature.
sajolida's avatar
sajolida committed
344
  </li>
345

sajolida's avatar
sajolida committed
346
347
  <li>
   Right-click on the ISO image and choose
348
349
350
   <span class="guimenuchoice">
     <span class="guisubmenu">Services</span>
     <span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.
sajolida's avatar
sajolida committed
351
352
  </li>
</ol>
353
354
355

<a id="tails"></a>

sajolida's avatar
sajolida committed
356
<h3>In Tails</h3>
357

sajolida's avatar
sajolida committed
358
359
360
<ol>
  <li>
   Open the file browser and navigate to the folder where you saved the
361
   ISO image and the signature.
sajolida's avatar
sajolida committed
362
  </li>
363

sajolida's avatar
sajolida committed
364
365
  <li>
   Right-click on the signature and choose <span class="guimenuitem">Open With
366
   Verify Signature</span>.
sajolida's avatar
sajolida committed
367
  </li>
368

sajolida's avatar
sajolida committed
369
370
  <li>
   The verification of the ISO image starts automatically:
371

sajolida's avatar
sajolida committed
372
373
   <p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
  </li>
374

sajolida's avatar
sajolida committed
375
376
  <li>
   After the verification finishes, click on the notification counter in
377
378
379
   the bottom-right corner and on the notification with a transparent
   background on the right of the notification area:

sajolida's avatar
sajolida committed
380
   <p>[[!img install/inc/screenshots/notification_in_tails.png link="no"]]</p>
381

sajolida's avatar
sajolida committed
382
383
384
   <p>Verify the date of the signature to make sure that you downloaded the latest version.</p>
  </li>
</ol>
385
386
387

<a id="command-line"></a>

sajolida's avatar
sajolida committed
388
<h3>Using the command line</h3>
389

sajolida's avatar
sajolida committed
390
391
392
393
<ol>

  <li>
   Open a terminal and navigate to the folder where you saved the ISO
394
   image and the signature.
sajolida's avatar
sajolida committed
395
  </li>
396

sajolida's avatar
sajolida committed
397
398
  <li>
   <p>Execute:</p>
399
400
401

   <p class="pre">[[!inline pages="inc/stable_amd64_gpg_verify" raw="yes" sort="age"]]</p>

sajolida's avatar
sajolida committed
402
   <p>The output of this command should be the following:</p>
403
404
405

   <p class="pre">[[!inline pages="inc/stable_amd64_gpg_signature_output" raw="yes" sort="age"]]</p>

sajolida's avatar
sajolida committed
406
   <p>Verify the date of the signature to make sure that you downloaded the latest version.</p>
407

sajolida's avatar
sajolida committed
408
   <p>If the output also includes:</p>
409

sajolida's avatar
sajolida committed
410
411
412
413
   <p class="pre">
   gpg: WARNING: This key is not certified with a trusted signature!<br/>
   gpg:          There is no indication that the signature belongs to the owner.<br/>
   </p>
414

sajolida's avatar
sajolida committed
415
   <p>Then the ISO image is still correct according to the signing key that you
416
   downloaded. To remove this warning you need to <a href="#wot">authenticate
sajolida's avatar
sajolida committed
417
418
   the signing key through the OpenPGP Web of Trust</a>.</p>
  </li>
419

sajolida's avatar
sajolida committed
420
421
</ol>

422
423
"""]]

424
425
<a id="wot"></a>

426
<h3>Authenticate the signing key through the OpenPGP Web of Trust</h3>
427

428
429
430
431
432
433
434
435
436
437
438
439
440
<p>Authenticating our signing key through the OpenPGP Web of Trust is
the only verification technique that can protect you in case our website
is compromised. It is also the most complicated technique and might not
be possible for everyone to perform because it relies on trust
relationships between individuals.</p>

[[!toggle id="web-of-trust" text="Read more about authenticating the Tails signing key through the OpenPGP Web of Trust."]]

[[!toggleable id="web-of-trust" text="""
<span class="hide">[[!toggle id="web-of-trust" text=""]]</span>

<p>The verification techniques presented until now (browser extension,
BitTorrent, or OpenPGP verification) all rely on some
sajolida's avatar
sajolida committed
441
information being securely downloaded using HTTPS from our website:</p>
442

sajolida's avatar
sajolida committed
443
444
445
446
447
<ul>
  <li>The <em>checksum</em> for the Firefox extension</li>
  <li>The <em>Torrent file</em> for BitTorrent</li>
  <li>The <em>Tails signing key</em> for the OpenPGP verification</li>
</ul>
448

sajolida's avatar
sajolida committed
449
<p>But, while doing so, you could download malicious information if our
cbrownstein's avatar
cbrownstein committed
450
website is compromised or if you are a victim of a [[man-in-the-middle
sajolida's avatar
sajolida committed
451
attack|doc/about/warning#man-in-the-middle]].</p>
452

sajolida's avatar
sajolida committed
453
<p>The OpenPGP verification is the only technique that allows you to verify the ISO image even better
454
455
by also authenticating the Tails signing key through the OpenPGP Web of
Trust. Relying on the OpenPGP Web of Trust is the only way to completely
sajolida's avatar
sajolida committed
456
protect you from malicious downloads.</p>
457
458
459
460
461
462
463
464
465
466

<div class="note">

<p>If you are verifying an ISO image from inside Tails already, for
example to do a manual upgrade, then the Tails signing key is already
included in Tails. You can trust this signing key as much as you are trusting your
Tails installation already because you are not downloading it.</p>

</div>

sajolida's avatar
sajolida committed
467
<p>One of the inherent problems of standard HTTPS is that the trust we usually put
468
469
470
in a website is defined by certificate authorities: a hierarchical and closed
set of companies and governmental institutions approved by your web browser vendor.
This model of trust has long been criticized and proved several times to be
sajolida's avatar
sajolida committed
471
vulnerable to attacks [[as explained on our warning page|doc/about/warning#man-in-the-middle]].</p>
472

sajolida's avatar
sajolida committed
473
<p>We believe that, instead, users should be given the final say when trusting a
474
website, and that designation of trust should be done on the basis of human
sajolida's avatar
sajolida committed
475
interactions.</p>
476

sajolida's avatar
sajolida committed
477
<p>The OpenPGP [[!wikipedia Web_of_Trust]] is a
478
decentralized trust model based on OpenPGP keys that can help solving
sajolida's avatar
sajolida committed
479
this problem. Let's see this with an example:</p>
480

sajolida's avatar
sajolida committed
481
482
<ol>
  <li>
cbrownstein's avatar
cbrownstein committed
483
   <em>You are friends with Alice and really trust her way of managing
sajolida's avatar
sajolida committed
484
485
   OpenPGP keys. So you are trusting Alice's key.</em>
  </li>
486

sajolida's avatar
sajolida committed
487
488
489
490
  <li>
   <em>Furthermore, Alice met Bob, a Tails developer, in a conference and certified
   Bob's key. So Alice is trusting Bob's key.</em>
  </li>
491

sajolida's avatar
sajolida committed
492
493
494
495
496
  <li>
    <em>Bob is a Tails developer who directly owns the Tails signing key. So
   Bob fully trusts the Tails signing key.</em>
  </li>
</ol>
497

sajolida's avatar
sajolida committed
498
499
<p>In this scenario, Alice found a path to trust the Tails signing key
without the need to rely on certificate authorities.</p>
500
501
502
503
504
505
506
507
508
509
510
511
512

<div class="tip">

<p>If you are on Debian, Ubuntu, or Linux Mint, you can install the
<code>debian-keyring</code> package which contains the OpenPGP keys of
all Debian developers. Some Debian developers have certified the Tails
signing key and you can use these certifications to build a trust path.
This technique is explained in detail in our instructions on
[[installing Tails from Debian, Ubuntu, or Linux Mint using the command
line|install/expert/usb]].</p>

</div>

sajolida's avatar
sajolida committed
513
514
<p>Relying on the Web of Trust requires both caution and intelligent supervision
by the users. The technical details are outside of the scope of this document.</p>
515

sajolida's avatar
sajolida committed
516
<p>Since the Web of Trust is actually based on human relationships and
517
518
real-life interactions, the best is to get in touch with people
knowledgeable about OpenPGP and build trust relationships in order to
sajolida's avatar
sajolida committed
519
find your own trust path to the Tails signing key.</p>
520

sajolida's avatar
sajolida committed
521
<p>For example, you can start by contacting a local [[!wikipedia Linux_User_Group]],
522
[[an organization offering Tails training|support/learn]], or other Tails
sajolida's avatar
sajolida committed
523
enthusiasts near you and exchange about their OpenPGP practices.</p>
524
525
526

<div class="tip">

cbrownstein's avatar
cbrownstein committed
527
<p>After you build a trust path, you can certify the Tails signing key by
528
529
530
531
532
signing it with your own key to get rid of some warnings during the
verification process.</p>

</div>

533
"""]]
534
535

</div>