download.inline.html 29.4 KB
Newer Older
1
2
<div id="tails-version">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</div>

sajolida's avatar
sajolida committed
3
<h1 class="usb upgrade dvd vm">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</h1>
4

sajolida's avatar
sajolida committed
5
<div class="tip upgrade">
6
7
8
9
10

<p>While you are downloading, we recommend you read the
[[release notes|doc/upgrade/release_notes]] for Tails
[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]<span class="remove-extra-space">.</span>
They document all the changes in this new version: new features, problems that
sajolida's avatar
sajolida committed
11
were solved, and known issues that have already been identified.</p>
12
13
14
15
16

<!-- We should remove this note in favor of clickable URLs in Tails Upgrader. [[!tails_ticket 17068]] -->

</div>

sajolida's avatar
sajolida committed
17
18
19
<div class="supported-browser no-js">
  <div id="step-download">
    <h3><span class="step-number"><span class="usb upgrade">1.</span>1</span>Download Tails</h3>
sajolida's avatar
sajolida committed
20
21
22
    <div class="usb upgrade download-only-img indent">
      <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool button">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
      <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool-on-retry button">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
sajolida's avatar
sajolida committed
23
    </div>
sajolida's avatar
sajolida committed
24
25
26
    <div class="dvd vm download-only-iso indent">
      <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool button">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
      <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool-on-retry button">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
sajolida's avatar
sajolida committed
27
    </div>
sajolida's avatar
sajolida committed
28
29
    <div id="download-minor" class="indent">
      <p id="bittorrent">
30
        or download using
sajolida's avatar
sajolida committed
31
32
        <a href="[[!inline pages="inc/stable_amd64_img_torrent_url" raw="yes" sort="age"]]" id="download-img-torrent" class="usb upgrade download-only-img">BitTorrent</a>
        <a href="[[!inline pages="inc/stable_amd64_iso_torrent_url" raw="yes" sort="age"]]" id="download-iso-torrent" class="dvd vm download-only-iso">BitTorrent</a>
33
      </p>
sajolida's avatar
sajolida committed
34
      <p id="try-another-mirror">If the download fails, try to
sajolida's avatar
sajolida committed
35
36
37
38
39
40
41
        <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" class="usb upgrade download-only-img">download from another mirror.</a>
        <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" class="dvd vm download-only-iso">download from another mirror.</a>
      </p>
    </div>
  </div>

  <div id="step-verify">
sajolida's avatar
Shorten  
sajolida committed
42
    <h3><span class="step-number"><span class="usb upgrade">1.</span>2</span>Verify your download</h3>
sajolida's avatar
sajolida committed
43
44
    <div id="javascript-verification-tip" class="indent">
      <p>For your security, always verify your download.</p>
sajolida's avatar
sajolida committed
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
      <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-supported" text="Why?"]]</p>
      <div id="why-verify-supported" class="floating-toggleable">
      [[!toggleable id="why-verify-supported" text="""
      [[!toggle id="why-verify-supported" text="X"]]
      <p>With an unverified download, you might:</p>
      <ul>
        <li>Lose time if your download is incomplete or broken due to an error during the download.
            This is quite frequent.</li>
        <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
            <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
        <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
            <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
      </ul>
      <p>[[How does the verification work?|contribute/design/verification_extension]]</p>
      """]]
60
      </div>
sajolida's avatar
sajolida committed
61
    </div>
62
63
64
65
    <div id="bittorrent-verification-tip" class="indent block">
      <p>Your BitTorrent client will automatically verify your download when it completes.</p>
      <p>The verification below is optional for a BitTorrent download.</p>
    </div>
sajolida's avatar
sajolida committed
66
67
68
69
70
71
72
    <div id="verification" class="indent block">
      <div class="no-js">
        <p>You seem to have JavaScript disabled. To use the
           verification in the browser,
           please allow all this page:</p>
        [[!img screenshots/allow_js.png link="no"]]
      </div>
sajolida's avatar
sajolida committed
73
74
75
76
77
78
      <div id="verify-button" class="block">
        <label class="button">
          Verify Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>&hellip;
          <input id="verify-file" type="file"/>
        </label>
      </div>
sajolida's avatar
sajolida committed
79
      <div id="verifying-download" class="block">
sajolida's avatar
sajolida committed
80
        <p>Verifying <em><span class="verify-filename">$FILENAME</span></em>&hellip;</p>
sajolida's avatar
sajolida committed
81
82
        <div class="progress">
          <div id="progress-bar" class="progress-bar" role="progressbar" style="width: 0%" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100"></div>
83
84
        </div>
      </div>
sajolida's avatar
sajolida committed
85
86
87
      <div id="verification-successful" class="block">
        <p>[[!img lib/check.png class="icon" link="no" alt=""]]Verification successful!</p>
      </div>
sajolida's avatar
sajolida committed
88
      <div id="verification-failed" class="block">
sajolida's avatar
sajolida committed
89
        <p>[[!img lib/cross.png class="icon" link="no" alt=""]]<b>Verification failed!</b></p>
sajolida's avatar
sajolida committed
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
        <p class="floating-toggleable-link why-failed-link">[[!toggle id="why-failed" text="Why?"]]</p>
        <div id="why-failed" class="floating-toggleable">
        [[!toggleable id="why-failed" text="""
        [[!toggle id="why-failed" text="X"]]
        <p>Most likely, the verification failed because of an error
        or interruption during the download.</p>

        <p>The verification also fails if you try to verify a different
        download than the latest version (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>).</p>

        <p>Less likely, the verification might have failed because
        of a malicious download from our download mirrors or due to
        a network attack in your country or local network.</p>

        <p>Downloading again is usually enough to fix this
        problem.</p>
106

sajolida's avatar
sajolida committed
107
108
        <p>[[How does the verification work?|contribute/design/verification_extension]]</p>
        """]]
109
        </div>
sajolida's avatar
sajolida committed
110
111
112
113
        <p class="usb upgrade download-only-img"><a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
        <p class="dvd vm download-only-iso"><a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
      </div>
      <div id="verification-failed-again" class="block">
sajolida's avatar
sajolida committed
114
        <p>[[!img lib/cross.png class="icon" link="no" alt=""]]<b>Verification failed again!</b></p>
sajolida's avatar
sajolida committed
115
116
117
118
119
120
121
122
123
124
125
126
        <p class="floating-toggleable-link why-failed-again-link">[[!toggle id="why-failed-again" text="Why?"]]</p>
        <div id="why-failed-again" class="floating-toggleable">
        [[!toggleable id="why-failed-again" text="""
        [[!toggle id="why-failed-again" text="X"]]
        <p>The verification might have failed again because of:</p>
        <ul>
          <li>A software problem in our verification code</li>
          <li>A malicious download from our download mirrors</li>
          <li>A network attack in your country or local network</li>
        </ul>
        <p>Trying from a different place or a different computer might solve any of these issues.</p>
        """]]
127
        </div>
sajolida's avatar
sajolida committed
128
        <p>Please try to download again from a different place or a different computer&hellip;</p>
129
      </div>
sajolida's avatar
sajolida committed
130
131
132
133
      <div id="verification-error" class="block">
        <p>[[!img lib/cross.png class="icon" link="no" alt=""]]<b>Error reading file <em><span class="verify-filename">$FILENAME</span></em>.</b></p>
        <p>Make sure that <em><span class="verify-filename">$FILENAME</span></em> is readable by your browser. In Tails, copy it to the <em>Tor Browser</em> folder.</p>
      </div>
134
    </div>
sajolida's avatar
sajolida committed
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
  </div>

  <div id="step-continue">
    <h3><span class="step-number"><span class="usb upgrade">1.</span>3</span>Continue
      <span class="usb">installing</span>
      <span class="upgrade">upgrading</span>
      <span class="download-only-img download-only-iso">installing or upgrading</span></h3>
  </div>
  <div id="continue-link" class="indent">
    <div id="skip-download">
      <span class="windows">[[Skip download|win/usb]]</span>
      <span class="linux">[[Skip download|linux/usb]]</span>
      <span class="mac">[[Skip download|mac/usb]]</span>
      <span class="dvd">[[Skip download|dvd]]</span>
      <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
      <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
      <span class="upgrade-windows">[[Skip download|upgrade/win]]</span>
      <span class="upgrade-mac">[[Skip download|upgrade/mac]]</span>
      <span class="upgrade-linux">[[Skip download|upgrade/linux]]</span>
      <span class="download-only-img download-only-iso">[[Skip download|doc#install]]</span>
155
    </div>
sajolida's avatar
sajolida committed
156
157
158
159
160
161
162
163
164
165
166
167
168
    <div id="skip-verification">
      <p>[[!img icons/dialog-warning-small.png class="icon" link="no" alt=""]]
        <span class="windows">[[Skip verification!|win/usb]]</span>
        <span class="linux">[[Skip verification!|linux/usb]]</span>
        <span class="mac">[[Skip verification!|mac/usb]]</span>
        <span class="dvd">[[Skip verification!|dvd]]</span>
        <span class="vm">[[Skip verification!|doc/advanced_topics/virtualization]]</span>
        <span class="upgrade-tails">[[Skip verification!|upgrade/tails]]</span>
        <span class="upgrade-windows">[[Skip verification!|upgrade/win]]</span>
        <span class="upgrade-mac">[[Skip verification!|upgrade/mac]]</span>
        <span class="upgrade-linux">[[Skip verification!|upgrade/linux]]</span>
        <span class="download-only-img download-only-iso">[[Skip verification|doc#install]]</span>
      </p>
sajolida's avatar
sajolida committed
169
    </div>
sajolida's avatar
sajolida committed
170
171
172
173
174
175
176
177
178
179
    <div id="next" class="inline-block">
      <div class="windows">[[<div class="button">Next: Install Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
      <div class="linux">[[<div class="button">Next: Install Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
      <div class="mac">[[<div class="button">Next: Install Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
      <div class="upgrade-tails">[[<div class="button">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
      <div class="upgrade-windows">[[<div class="button">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/win]]</div>
      <div class="upgrade-mac">[[<div class="button">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/mac]]</div>
      <div class="upgrade-linux">[[<div class="button">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/linux]]</div>
      <div class="dvd">[[<div class="button">Next: Burning Tails on a DVD</div>|dvd]]</div>
      <div class="vm">[[<div class="button">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
sajolida's avatar
sajolida committed
180
181
      <div class="download-only-img">
        <p>Upgrade your Tails USB stick and keep your Persistent Storage:</p>
182
        <ul>
sajolida's avatar
sajolida committed
183
184
185
186
187
188
189
190
191
192
          <li>[[Upgrade from your Tails|upgrade/tails]]</li>
          <li>[[Upgrade from Windows|upgrade/win]]</li>
          <li>[[Upgrade from macOS|upgrade/mac]]</li>
          <li>[[Upgrade from Linux|upgrade/linux]]</li>
        </ul>
        <p>Install a new USB stick:</p>
        <ul>
          <li>[[Install from Windows|install/win/usb]]</li>
          <li>[[Install from macOS|install/mac/usb]]</li>
          <li>[[Install from Linux|install/linux/usb]]</li>
193
194
        </ul>
      </div>
sajolida's avatar
sajolida committed
195
196
197
198
199
200
201
202
203
204
205
206
207
      <ul class="download-only-iso">
        <li>[[Burn on a DVD|dvd]]</li>
        <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
      </ul>
    </div>
  </div>
</div> <!-- Supported browser & No JS -->

<div class="outdated-browser unsupported-browser">
  <p>You are using <u><b><span id="detected-browser">$DETECTED-BROWSER</span></b></u>.</p>
  <p>Direct download is only available for:</p>
  <ul>
    <li>Firefox <span id="min-version-firefox">$MINVER-FIREFOX</span> and later (<a href="https://www.mozilla.org/firefox/new/">Download</a>)</li>
sajolida's avatar
sajolida committed
208
    <li>Chrome <span id="min-version-chrome">$MINVER-CHROME</span> and later (<a href="https://www.google.com/chrome/">Download</a>)</li>
sajolida's avatar
sajolida committed
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
    <li>Tor Browser <span id="min-version-tor-browser">$MINVER-TOR-BROWSER</span> and later (<a href="https://www.torproject.org/download/">Download</a>)</li>
  </ul>
</div>
<div class="outdated-browser">
  <p>Please update your browser to the latest version.</p>
</div>
<div class="unsupported-browser">
  <div class="caution">
    <p><b>For your security,<br/>always verify your download!</b></p>
    <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-unsupported" text="Why?"]]</p>
    <div id="why-verify-unsupported" class="floating-toggleable">
    [[!toggleable id="why-verify-unsupported" text="""
    [[!toggle id="why-verify-unsupported" text="X"]]
    <p>With an unverified download, you might:</p>
    <ul>
      <li>Lose time if your download is incomplete or broken due to an error during the download.
          This is quite frequent.</li>
      <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
          <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
      <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
          <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
    </ul>
    <p>[[How does the verification work?|contribute/design/verification_extension]]</p>
    """]]
    </div>
  </div>
  <p>Copy and paste this link in Firefox, Chrome, or Tor Browser:</p>
  <p class="windows"><code>https://tails.boum.org/install/win/usb-download/</code></p>
  <p class="linux"><code>https://tails.boum.org/install/linux/usb-download/</code></p>
  <p class="mac"><code>https://tails.boum.org/install/mac/usb-download/</code></p>
  <p class="upgrade-tails"><code>https://tails.boum.org/upgrade/tails-download/</code></p>
  <p class="upgrade-windows"><code>https://tails.boum.org/upgrade/win-download/</code></p>
  <p class="upgrade-mac"><code>https://tails.boum.org/upgrade/mac-download/</code></p>
  <p class="upgrade-linux"><code>https://tails.boum.org/upgrade/linux-download/</code></p>
  <p class="dvd"><code>https://tails.boum.org/install/dvd-download/</code></p>
  <p class="vm"><code>https://tails.boum.org/install/vm-download/</code></p>
  <p class="download-only-img"><code>https://tails.boum.org/install/download/</code></p>
  <p class="download-only-iso"><code>https://tails.boum.org/install/download-iso/</code></p>
247
248
249
250
251
252
253
</div>
<div class="outdated-browser unsupported-browser">
<p>You can also download using
  <span class="usb upgrade download-only-img"><a href="[[!inline pages="inc/stable_amd64_img_torrent_url" raw="yes" sort="age"]]">BitTorrent</a>.</span>
  <span class="dvd vm download-only-iso"><a href="[[!inline pages="inc/stable_amd64_iso_torrent_url" raw="yes" sort="age"]]">BitTorrent</a>.</span>
</p>
</div>
254
255
256
257
258
259

<div id="openpgp">

<h2>Verify using OpenPGP (optional)</h2>

<p>If you know OpenPGP, you can also verify your download using an
260
OpenPGP signature instead of, or in addition to, our verification in the browser or
261
262
BitTorrent.</p>

cbrownstein's avatar
cbrownstein committed
263
<p>Download the
sajolida's avatar
sajolida committed
264
<a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
cbrownstein's avatar
cbrownstein committed
265
266
267
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288

<h3>Basic OpenPGP verification</h3>

[[!toggle id="basic-openpgp" text="See instructions for basic OpenPGP verification."]]

[[!toggleable id="basic-openpgp" text="""
<span class="hide">[[!toggle id="basic-openpgp" text=""]]</span>

<p>This section provides simplified instructions:</p>

<ul>
  <li><a href="#windows">In Windows with <span class="application">Gpg4win</span></a></li>
  <li><a href="#mac">In macOS with <span class="application">GPGTools</span></a></li>
  <li><a href="#tails">In Tails</a></li>
  <li><a href="#command-line">Using the command line</a></li>
</ul>

<a id="windows"></a>

<h3>In Windows with <span class="application">Gpg4win</span></h3>

sajolida's avatar
sajolida committed
289
<ol>
290
291
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
292
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
293
294
295
296
297
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>

sajolida's avatar
sajolida committed
298
299
300
  <li>
    <p>Download the [[Tails signing key|tails-signing.key]] and import it into
    <span class="application">Gpg4win</span>.</p>
301

sajolida's avatar
sajolida committed
302
303
304
    <p>See the [[<span class="application">Gpg4win</span> documentation on
    importing keys|https://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]].</p>
  </li>
305

sajolida's avatar
sajolida committed
306
  <li>
sajolida's avatar
sajolida committed
307
308
    <p>Verify the signature of the image that you downloaded.</p>

sajolida's avatar
sajolida committed
309
310
    <p>See the [[<span class="application">Gpg4win</span> documentation on
    verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
311

sajolida's avatar
sajolida committed
312
313
    <p>Verify that the date of the signature is at most five days earlier than
    the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
314

sajolida's avatar
sajolida committed
315
    <p>If the following warning appears:</p>
316

sajolida's avatar
sajolida committed
317
318
319
320
321
    <pre>
    Not enough information to check the signature validity.
    Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
    The validity of the signature cannot be verified.
    </pre>
322

sajolida's avatar
sajolida committed
323
324
325
326
327
    <p>Then the image is still correct according to the signing key that you
    downloaded. To remove this warning you need to <a href="#wot">authenticate the
    signing key through the OpenPGP Web of Trust</a>.</p>
  </li>
</ol>
328
329
330
331
332
333

<a id="mac"></a>

<h3>In macOS using <span class="application">GPGTools</span></h3>

<ol>
334
335
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
336
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
337
338
339
340
341
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>

cbrownstein's avatar
cbrownstein committed
342
343
344
345
346
347
  <li>
   <p>Download the [[Tails signing key|tails-signing.key]] and import it into
   <span class="application">GPGTools</span>.</p>
   <p>See the [[<span class="application">GPGTools</span> documentation on
   importing keys|https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-find-public-keys-of-your-friends-and-import-them#import-key-file]].</p>
  </li>
348
  <li>
349
350
   <p>Open <span class="application">Finder</span> and navigate to the
   folder where you saved the image and the signature.</p>
351
352
353
  </li>

  <li>
354
   <p>Control-click on the image and choose
355
356
   <span class="guimenuchoice">
     <span class="guisubmenu">Services</span>
357
     <span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.</p>
358
359
360
361
362
363
364
  </li>
</ol>

<a id="tails"></a>

<h3>In Tails</h3>

365
366
<p>Tails comes with the Tails signing key already imported.</p>

367
<ol>
368
369
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
370
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
371
372
373
374
375
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>

376
  <li>
377
378
   <p>Open the file browser and navigate to the folder where you saved the
   image and the signature.</p>
379
380
381
  </li>

  <li>
382
383
   <p>Right-click (on Mac, click with two fingers) on the signature and choose <span class="guimenuitem">Open With
   Verify Signature</span>.</p>
384
385
386
  </li>

  <li>
387
   <p>The verification of the image starts automatically:</p>
388
389
390
391
392

   <p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
  </li>

  <li>
393
394
   <p>After the verification finishes, you should see a notification that the
   signature is good:</p>
395

sajolida's avatar
sajolida committed
396
   <p class="usb upgrade download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_good.png link="no"]]</p>
397
   <p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_good.png link="no"]]</p>
398
399
400

   <p>Verify that the date of the signature is at most five days earlier
   than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
401
402
403

   <p>If instead, you see a notification that the signature is valid but untrusted:</p>

sajolida's avatar
sajolida committed
404
   <p class="usb upgrade download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_untrusted.png link="no"]]</p>
405
406
407
408
409
   <p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_untrusted.png link="no"]]</p>

   <p>Then the image is still correct according to the signing key that you
   downloaded. To remove this warning you need to <a href="#wot">authenticate
   the signing key through the OpenPGP Web of Trust</a>.</p>
410
411
412
413
414
415
416
  </li>
</ol>

<a id="command-line"></a>

<h3>Using the command line</h3>

417

418
<ol>
419
420
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
421
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
422
423
424
425
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>
426
427

  <li>
428
429
430
431
432
433
434
435
436
437
438
439
    <p>Download the [[Tails signing key|tails-signing.key]] and import it into
    <span class="application">GnuPGP</span>.</p>

    <p>To import the Tails signing key into
    <span class="application">GnuPGP</span>, open a terminal and navigate to
    the folder where you saved the Tails signing key.</p>

    <p>Execute:</p>

    <p class="pre">gpg --import tails-signing.key</p>
  </li>
  <li>
440
441
   <p>In a terminal, navigate to the folder where you saved the
   image and the signature.</p>
442
443
444
445
446
  </li>

  <li>
   <p>Execute:</p>

sajolida's avatar
sajolida committed
447
   <p class="usb upgrade download-only-img pre">[[!inline pages="inc/stable_amd64_img_gpg_verify" raw="yes" sort="age"]]</p>
448
449
450
451
   <p class="dvd vm download-only-iso pre">[[!inline pages="inc/stable_amd64_iso_gpg_verify" raw="yes" sort="age"]]</p>

   <p>The output of this command should be the following:</p>

sajolida's avatar
sajolida committed
452
   <p class="usb upgrade download-only-img pre">[[!inline pages="inc/stable_amd64_img_gpg_signature_output" raw="yes" sort="age"]]</p>
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
   <p class="dvd vm download-only-iso pre">[[!inline pages="inc/stable_amd64_iso_gpg_signature_output" raw="yes" sort="age"]]</p>

   <p>Verify that the date of the signature is at most five days
   earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>

   <p>If the output also includes:</p>

   <p class="pre">
   gpg: WARNING: This key is not certified with a trusted signature!<br/>
   gpg:          There is no indication that the signature belongs to the owner.<br/>
   </p>

   <p>Then the image is still correct according to the signing key that you
   downloaded. To remove this warning you need to <a href="#wot">authenticate
   the signing key through the OpenPGP Web of Trust</a>.</p>
  </li>

</ol>

"""]]

<a id="wot"></a>

<h3>Authenticate the signing key through the OpenPGP Web of Trust</h3>

<p>Authenticating our signing key through the OpenPGP Web of Trust is
the only way that you can be protected in case our website is
compromised or if you are a victim of a [[man-in-the-middle attack|doc/about/warning#man-in-the-middle]].
However, it is complicated to do and it might not be
possible for everyone because it relies on trust relationships between
individuals.</p>

[[!toggle id="web-of-trust" text="Read more about authenticating the Tails signing key through the OpenPGP Web of Trust."]]

[[!toggleable id="web-of-trust" text="""
<span class="hide">[[!toggle id="web-of-trust" text=""]]</span>

490
<p>The verification techniques that we present (verification in the browser,
491
492
493
494
BitTorrent, or OpenPGP verification) all rely on some
information being securely downloaded using HTTPS from our website:</p>

<ul>
495
  <li>The <em>checksum</em> for the verification in the browser</li>
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
  <li>The <em>Torrent file</em> for BitTorrent</li>
  <li>The <em>Tails signing key</em> for OpenPGP verification</li>
</ul>

<p>It is possible that you could download malicious information if our
website is compromised or if you are a victim of a man-in-the-middle
attack.</p>

<p>OpenPGP verification is the only technique that protects you if
our website is compromised or if you are a victim of a man-in-the-middle
attack. But, for that you need to authenticate the Tails signing key
through the OpenPGP Web of Trust.</p>

<div class="note">

<p>If you are verifying an image from inside Tails, for
example, to do a manual upgrade, then you already have the Tails signing key.
You can trust this signing key as much as you already trust your
Tails installation since this signing key is included in your Tails
installation.</p>

</div>

<p>One of the inherent problems of standard HTTPS is that the trust put
in a website is defined by certificate authorities: a hierarchical and closed
set of companies and governmental institutions approved by your web browser vendor.
This model of trust has long been criticized and proved several times to be
vulnerable to attacks [[as explained on our warning page|doc/about/warning#man-in-the-middle]].</p>

<p>We believe that, instead, users should be given the final say when trusting a
website, and that designation of trust should be done on the basis of human
interactions.</p>

<p>The OpenPGP [[!wikipedia Web_of_Trust]] is a
decentralized trust model based on OpenPGP keys that can help with solving
this problem. Let's see this with an example:</p>

<ol>
  <li>
   <em>You are friends with Alice and you really trust her way of making sure
   that OpenPGP keys actually belong to their owners.</em>
  </li>

  <li>
   <em>Alice met Bob, a Tails developer, in a conference and certified
   Bob's key as actually belonging to Bob.</em>
  </li>

  <li>
    <em>Bob is a Tails developer who directly owns the Tails signing key. So,
    Bob has certified the Tails signing key as actually belonging to Tails.</em>
  </li>
</ol>

<p>In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key
without the need to rely on certificate authorities.</p>

<div class="tip">

<p>If you are on Debian, Ubuntu, or Linux Mint, you can install the
<code>debian-keyring</code> package which contains the OpenPGP keys of
all Debian developers. Some Debian developers have certified the Tails
signing key and you can use these certifications to build a trust path.
This technique is explained in detail in our instructions on
[[installing Tails from Debian, Ubuntu, or Linux Mint using the command
line|install/expert/usb]].</p>

</div>

<p>Relying on the Web of Trust requires both caution and intelligent supervision
by the users. The technical details are outside of the scope of this document.</p>

<p>Since the Web of Trust is based on actual human relationships and
real-life interactions, it is best to get in touch with people
knowledgeable about OpenPGP and build trust relationships in order to
find your own trust path to the Tails signing key.</p>

<p>For example, you can start by contacting a local [[!wikipedia Linux_User_Group]],
[[an organization offering Tails training|support/learn]], or other Tails
enthusiasts near you and exchange about their OpenPGP practices.</p>

<div class="tip">

<p>After you build a trust path, you can certify the Tails signing key by
signing it with your own key to get rid of some warnings during the
verification process.</p>

</div>

"""]]

</div>