download.inline.html 27.9 KB
Newer Older
sajolida's avatar
sajolida committed
1
<div id="activate-tails-verification"></div> <!-- Needed to activate the verification extension -->
2
<div id="extension-version">1.0</div> <!-- Minimum version of the extension -->
sajolida's avatar
sajolida committed
3
<div id="tails-version">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</div>
4

5
<h1 class="debian windows linux mac-usb mac-dvd dvd vm upgrade-tails">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</h1>
6

7 8
<div class="row">

9
  <div id="direct-download" class="col-md-6"> <!-- Direct download -->
10 11
    <h2>Direct download</h2>

12
    <div class="supported-browser no-js">
13 14
      <div id="step-download-iso">
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>1</span>Download Tails</h3>
15
        <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
16
        <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool-on-retry btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
17
        <p id="already-downloaded" class="indent"><a>I already downloaded Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>.</a></p>
18
      </div>
19

20
      <div id="step-verify-direct">
sajolida's avatar
sajolida committed
21
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>2</span>Verify your download using your browser</h3>
22
        <div class="caution indent">
23
          <p><b>For your security,<br/>always verify your download!</b></p>
24
          <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-supported" text="Why?"]]</p>
25 26 27
          <div id="why-verify-supported" class="floating-toggleable">
          [[!toggleable id="why-verify-supported" text="""
          [[!toggle id="why-verify-supported" text="X"]]
28
          <p>With an unverified download, you might:</p>
29
          <ul>
30
            <li>Lose time if your download is incomplete or broken due to an error during the download.
31
                This is quite frequent.</li>
32
            <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
33
                <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
34
            <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
35 36
                <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
          </ul>
cbrownstein's avatar
cbrownstein committed
37
          <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
38 39
          """]]
          </div>
40
          <p>Our browser extension makes it quick and easy.</p>
41
        </div>
42
        <div id="install-extension" class="indent">
43
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn supported-browser firefox btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
44
          <a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn supported-browser chrome btn btn-primary inline-block" target="_blank">Install <u>Tails Verification</u> extension</a>
45 46 47 48 49
          <div class="no-js">
            <p>You seem to have JavaScript disabled. To use our browser
               extension, please allow all this page:</p>
            [[!img screenshots/allow_js.png link="no"]]
          </div>
50
        </div>
51 52
        <div id="update-extension" class="indent block">
          <p>Your extension is an older version.</p>
53
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn firefox btn btn-primary inline-block">Update extension</a>
54
          <a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn chrome btn btn-primary inline-block" target="_blank">Update extension</a>
55 56
        </div>
        <div id="verification" class="indent block">
sajolida's avatar
sajolida committed
57
          <p id="extension-installed" class="block"><u>Tails Verification</u> extension installed!</p>
58
          <label id="verify-download-wrapper" class="btn btn-primary inline-block">
59
            Verify Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>&hellip;
60 61
            <input id="verify-download" type="file"/>
          </label>
sajolida's avatar
sajolida committed
62
          <div id="verifying-download" class="indent block">
63
            <p>Verifying <span id="filename">$FILENAME</span>&hellip;</p>
sajolida's avatar
sajolida committed
64 65 66 67
            <div class="progress">
              <div id="progress-bar" class="progress-bar" role="progressbar" style="width: 0%" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100"></div>
            </div>
          </div>
68
          <p id="verification-successful" class="block">Verification successful!</p>
69
          <div id="verification-failed" class="block">
70
            <p><b>Verification failed!</b></p>
71
            <p class="floating-toggleable-link why-failed-link">[[!toggle id="why-failed" text="Why?"]]</p>
72 73 74 75 76 77
            <div id="why-failed" class="floating-toggleable">
            [[!toggleable id="why-failed" text="""
            [[!toggle id="why-failed" text="X"]]
            <p>Most likely, the verification failed because of an error
            or interruption during the download.</p>

78 79 80
	    <p>The verification also fails if you try to verify a different
            download than the latest version (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>).</p>

81 82 83 84 85 86
            <p>Less likely, the verification might have failed because
            of a malicious download from our download mirrors or due to
            a network attack in your country or local network.</p>

            <p>Downloading again is usually enough to fix this
            problem.</p>
87

cbrownstein's avatar
cbrownstein committed
88
            <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
89 90
            """]]
            </div>
91
            <p><a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
92
          </div>
93
          <div id="verification-failed-again" class="block">
94
            <p><b>Verification failed again!</b></p>
95
            <p class="floating-toggleable-link why-failed-again-link">[[!toggle id="why-failed-again" text="Why?"]]</p>
96 97 98 99 100 101 102 103 104 105 106 107
            <div id="why-failed-again" class="floating-toggleable">
            [[!toggleable id="why-failed-again" text="""
            [[!toggle id="why-failed-again" text="X"]]
            <p>The verification might have failed again because of:</p>
            <ul>
              <li>A software problem in our verification extension</li>
              <li>A malicious download from our download mirrors</li>
              <li>A network attack in your country or local network</li>
            </ul>
            <p>Trying from a different place or a different computer might solve any of these issues.</p>
            """]]
            </div>
108
            <p>Please try to download again from a different place or a different computer&hellip;</p>
109 110
          </div>
        </div>
111 112
      </div>

113
      <div id="step-continue-direct">
sajolida's avatar
sajolida committed
114
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>3</span>Continue
115 116 117
          <span class="debian windows linux mac-usb mac-dvd">installing</span>
          <span class="upgrade-tails">upgrading</span>
          <span class="download-only">installing or upgrading</span></h3>
118
      </div>
119
      <div id="continue-link-direct" class="indent">
120 121 122 123 124 125
        <div id="skip-download-direct">
          <span class="debian">[[Skip download|debian/usb]]</span>
          <span class="windows">[[Skip download|win/usb]]</span>
          <span class="linux">[[Skip download|linux/usb]]</span>
          <span class="mac-usb">[[Skip download|mac/usb]]</span>
          <span class="mac-dvd">[[Skip download|mac/dvd]]</span>
126 127
          <span class="dvd">[[Skip download|dvd]]</span>
          <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
128 129
          <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
        </div>
130
        <div id="skip-verification-direct" class="block">
sajolida's avatar
sajolida committed
131 132 133 134 135 136 137 138
          <div class="debian">[[Skip verification!|debian/usb]]</div>
          <div class="windows">[[Skip verification!|win/usb]]</div>
          <div class="linux">[[Skip verification!|linux/usb]]</div>
          <div class="mac-usb">[[Skip verification!|mac/usb]]</div>
          <div class="mac-dvd">[[Skip verification!|mac/dvd]]</div>
          <div class="dvd">[[Skip verification!|dvd]]</div>
          <div class="vm">[[Skip verification!|doc/advanced_topics/virtualization]]</div>
          <div class="upgrade-tails">[[Skip verification!|upgrade/tails]]</div>
139
        </div>
140
        <div id="next-direct">
141 142 143 144 145 146 147 148
          <div class="debian">[[<div class="btn btn-primary inline-block">Next: Install <em>Tails Installer</em> (<span class="next-counter"></span>)</div>|debian/usb]]</div>
          <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
          <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
          <div class="mac-usb">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
          <div class="mac-dvd">[[<div class="btn btn-primary inline-block">Next: Burn a Tails DVD (<span class="next-counter"></span>)</div>|mac/dvd]]</div>
          <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
          <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
          <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
149
          <ul class="download-only">
sajolida's avatar
sajolida committed
150 151 152 153 154 155 156 157
            <li>[[Install from Windows|install/win/usb]]</li>
            <li>[[Install from Debian, Ubuntu, or Mint|install/debian/usb]]</li>
            <li>[[Install from other Linux distributions|install/linux/usb]]</li>
            <li>[[Install from macOS by burning a DVD first|install/mac/dvd]]</li>
            <li>[[Install from macOS and the command line|install/mac/usb]]</li>
            <li>[[Burn on a DVD|dvd]]</li>
            <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
            <li>[[Upgrade inside Tails|upgrade/tails]]</li>
158
          </ul>
159
        </div>
160
      </div>
161
    </div> <!-- Supported browser & No JS -->
162

sajolida's avatar
sajolida committed
163
    <div class="outdated-browser unsupported-browser">
sajolida's avatar
sajolida committed
164 165 166
      <p>You are using <u><b><span id="detected-browser">$DETECTED-BROWSER</span></b></u>.</p>
      <p>Direct download is only available for:</p>
      <ul>
167
        <li>Firefox <span id="min-version-firefox">$MINVER-FIREFOX</span> and later (<a href="https://www.mozilla.org/firefox/new/">Download</a>)</li>
168
        <li>Chrome<span id="min-version-chrome">$MINVER-CHROME</span> and later (<a href="https://www.google.com/chrome/">Download</a>)</li>
169
        <li>Tor Browser <span id="min-version-tor-browser">$MINVER-TOR-BROWSER</span> and later (<a href="https://www.torproject.org/download/download-easy.html">Download</a>)</li>
sajolida's avatar
sajolida committed
170
      </ul>
171 172 173 174 175 176
    </div>
    <div class="outdated-browser">
      <p>Please update your browser to the latest version.</p>
    </div>
    <div class="unsupported-browser">
      <div class="caution">
177
        <p><b>For your security,<br/>always verify your download!</b></p>
178
        <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-unsupported" text="Why?"]]</p>
179 180 181 182 183 184 185 186 187 188 189 190
        <div id="why-verify-unsupported" class="floating-toggleable">
        [[!toggleable id="why-verify-unsupported" text="""
        [[!toggle id="why-verify-unsupported" text="X"]]
        <p>With an unverified download, you might:</p>
        <ul>
          <li>Lose time if your download is incomplete or broken due to an error during the download.
              This is quite frequent.</li>
          <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
              <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
          <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
              <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
        </ul>
cbrownstein's avatar
cbrownstein committed
191
        <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
192 193
        """]]
        </div>
194
        <p>Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.</p>
sajolida's avatar
sajolida committed
195
      </div>
196
      <p>Copy and paste this link in Firefox, Chrome, or Tor Browser:</p>
197 198 199 200 201 202 203 204 205
      <p class="debian"><code>https://tails.boum.org/install/debian/usb-download/</code></p>
      <p class="windows"><code>https://tails.boum.org/install/win/usb-download/</code></p>
      <p class="linux"><code>https://tails.boum.org/install/linux/usb-download/</code></p>
      <p class="mac-usb"><code>https://tails.boum.org/install/mac/usb-download/</code></p>
      <p class="mac-dvd"><code>https://tails.boum.org/install/mac/dvd-download/</code></p>
      <p class="upgrade-tails"><code>https://tails.boum.org/upgrade/tails-download/</code></p>
      <p class="dvd"><code>https://tails.boum.org/install/dvd-download/</code></p>
      <p class="vm"><code>https://tails.boum.org/install/vm-download/</code></p>
      <p class="download-only"><code>https://tails.boum.org/install/download/</code></p>
206 207
    </div> <!-- Outdated browser -->
  </div> <!-- Direct download -->
208

209
  <div id="bittorrent-download" class="col-md-6">
210
    <h2>BitTorrent download</h2>
211
    <p class="floating-toggleable-link what-is-bittorrent-link">[[!toggle id="what-is-bittorrent" text="What is BitTorrent?"]]</p>
212 213 214 215 216 217 218

    <div id="what-is-bittorrent" class="floating-toggleable">
    [[!toggleable id="what-is-bittorrent" text="""
    [[!toggle id="what-is-bittorrent" text="X"]]
    <p>BitTorrent is a peer-to-peer technology for file sharing that makes your
    download faster and easier to resume.</p>

sajolida's avatar
sajolida committed
219
    <p>You need to install BitTorrent software on your computer, like
220 221 222 223 224
    <a href="https://transmissionbt.com/">Transmission</a> (for Windows, macOS, and Linux).</p>

    <p>BitTorrent doesn't work over Tor or in Tails.</p>
    """]]
    </div>
225

226 227
    <div id="step-download-torrent">
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>1</span>Download Tails (Torrent file)</h3>
228
      <a href="[[!inline pages="inc/stable_amd64_torrent_url" raw="yes" sort="age"]]" id="download-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file</a>
229
    </div>
230

231
    <div id="step-verify-bittorrent">
sajolida's avatar
sajolida committed
232
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>2</span>Verify your download using BitTorrent</h3>
233 234
      <p class="indent">Your BitTorrent client will automatically verify your download when it is complete.</p>
    </div>
235

236
    <div id="step-continue-bittorrent">
sajolida's avatar
sajolida committed
237
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>3</span>Continue
238 239 240
          <span class="debian windows linux mac-usb mac-dvd">installing</span>
          <span class="upgrade-tails">upgrading</span>
          <span class="download-only">installing or upgrading</span></h3>
241 242 243 244
      <p class="debian windows linux mac-usb mac-dvd upgrade-tails indent">Open and download
      the Torrent file with your BitTorrent client. It contains the
      Tails [[!inline pages="inc/stable_amd64_version" raw="yes"
      sort="age"]] ISO image that you will use in the next step.</p>
245
    </div>
246
    <div id="continue-link-bittorrent" class="indent">
247 248 249 250 251 252
      <div id="skip-download-bittorrent">
        <span class="debian">[[Skip download|debian/usb]]</span>
        <span class="windows">[[Skip download|win/usb]]</span>
        <span class="linux">[[Skip download|linux/usb]]</span>
        <span class="mac-usb">[[Skip download|mac/usb]]</span>
        <span class="mac-dvd">[[Skip download|mac/dvd]]</span>
sajolida's avatar
sajolida committed
253 254
        <span class="dvd">[[Skip download|dvd]]</span>
        <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
255 256
        <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
      </div>
257
      <div id="next-bittorrent">
258 259 260 261 262 263 264 265
        <div class="debian">[[<div class="btn btn-primary inline-block">Next: Install <em>Tails Installer</em> (<span class="next-counter"></span>)</div>|debian/usb]]</div>
        <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
        <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
        <div class="mac-usb">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
        <div class="mac-dvd">[[<div class="btn btn-primary inline-block">Next: Burn a Tails DVD (<span class="next-counter"></span>)</div>|mac/dvd]]</div>
        <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
        <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
        <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
266
        <ul class="download-only">
sajolida's avatar
sajolida committed
267 268 269 270 271 272 273 274
          <li>[[Install from Windows|install/win/usb]]</li>
          <li>[[Install from Debian, Ubuntu, or Mint|install/debian/usb]]</li>
          <li>[[Install from other Linux distributions|install/linux/usb]]</li>
          <li>[[Install from macOS by burning a DVD first|install/mac/dvd]]</li>
          <li>[[Install from macOS and the command line|install/mac/usb]]</li>
          <li>[[Burn on a DVD|dvd]]</li>
          <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
          <li>[[Upgrade inside Tails|upgrade/tails]]</li>
275
        </ul>
276
      </div>
277
    </div>
278
  </div> <!-- BitTorrent download -->
279

280
</div>
281

282 283 284
<div id="openpgp">

<h2>Verify using OpenPGP (optional)</h2>
285

286
<p>If you know OpenPGP, you can also verify your download using an
cbrownstein's avatar
cbrownstein committed
287
OpenPGP signature instead of, or in addition to, our browser extension or
288
BitTorrent.</p>
289

sajolida's avatar
sajolida committed
290 291
<ol>
  <li>
292
   <p>Download the [[Tails signing key|tails-signing.key]].</p>
sajolida's avatar
sajolida committed
293
  </li>
294

sajolida's avatar
sajolida committed
295 296
  <li>
   <p>Download the <a href='[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]'>
297 298
   Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] OpenPGP signature</a>
   and save it to the same folder where
sajolida's avatar
sajolida committed
299 300
   you saved the ISO image.</p>
  </li>
301
</ol>
302

303
<h3>Basic OpenPGP verification</h3>
304

305
[[!toggle id="basic-openpgp" text="See instructions for basic OpenPGP verification."]]
306

307 308
[[!toggleable id="basic-openpgp" text="""
<span class="hide">[[!toggle id="basic-openpgp" text=""]]</span>
309

sajolida's avatar
sajolida committed
310
<p>This section provides simplified instructions:</p>
311

sajolida's avatar
sajolida committed
312 313 314 315 316 317
<ul>
  <li><a href="#windows">In Windows with <span class="application">Gpg4win</span></a></li>
  <li><a href="#mac">In macOS with <span class="application">GPGTools</span></a></li>
  <li><a href="#tails">In Tails</a></li>
  <li><a href="#command-line">Using the command line</a></li>
</ul>
318 319 320

<a id="windows"></a>

sajolida's avatar
sajolida committed
321
<h3>In Windows with <span class="application">Gpg4win</span></h3>
322

sajolida's avatar
sajolida committed
323 324
<p>See the [[<span class="application">Gpg4win</span> documentation on
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
325

326
<p>Verify that the date of the signature is at most five days earlier than
327
the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
328

sajolida's avatar
sajolida committed
329
<p>If the following warning appears:</p>
330 331 332 333 334 335 336

<pre>
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>

sajolida's avatar
sajolida committed
337
<p>Then the ISO image is still correct according to the signing key that you
338
downloaded. To remove this warning you need to <a href="#wot">authenticate the
sajolida's avatar
sajolida committed
339
signing key through the OpenPGP Web of Trust</a>.</p>
340 341 342

<a id="mac"></a>

sajolida's avatar
sajolida committed
343
<h3>In macOS using <span class="application">GPGTools</span></h3>
344

sajolida's avatar
sajolida committed
345 346 347
<ol>
  <li>
   Open <span class="application">Finder</span> and navigate to the
348
   folder where you saved the ISO image and the signature.
sajolida's avatar
sajolida committed
349
  </li>
350

sajolida's avatar
sajolida committed
351 352
  <li>
   Right-click on the ISO image and choose
353 354 355
   <span class="guimenuchoice">
     <span class="guisubmenu">Services</span>
     <span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.
sajolida's avatar
sajolida committed
356 357
  </li>
</ol>
358 359 360

<a id="tails"></a>

sajolida's avatar
sajolida committed
361
<h3>In Tails</h3>
362

sajolida's avatar
sajolida committed
363 364 365
<ol>
  <li>
   Open the file browser and navigate to the folder where you saved the
366
   ISO image and the signature.
sajolida's avatar
sajolida committed
367
  </li>
368

sajolida's avatar
sajolida committed
369 370
  <li>
   Right-click on the signature and choose <span class="guimenuitem">Open With
371
   Verify Signature</span>.
sajolida's avatar
sajolida committed
372
  </li>
373

sajolida's avatar
sajolida committed
374 375
  <li>
   The verification of the ISO image starts automatically:
376

sajolida's avatar
sajolida committed
377 378
   <p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
  </li>
379

sajolida's avatar
sajolida committed
380
  <li>
381 382
   After the verification finishes, you should see a notification that the
   signature is good:
383

sajolida's avatar
sajolida committed
384
   <p>[[!img install/inc/screenshots/notification_in_tails.png link="no"]]</p>
385

386
   <p>Verify that the date of the signature is at most five days earlier
387
   than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
sajolida's avatar
sajolida committed
388 389
  </li>
</ol>
390 391 392

<a id="command-line"></a>

sajolida's avatar
sajolida committed
393
<h3>Using the command line</h3>
394

sajolida's avatar
sajolida committed
395 396 397 398
<ol>

  <li>
   Open a terminal and navigate to the folder where you saved the ISO
399
   image and the signature.
sajolida's avatar
sajolida committed
400
  </li>
401

sajolida's avatar
sajolida committed
402 403
  <li>
   <p>Execute:</p>
404 405 406

   <p class="pre">[[!inline pages="inc/stable_amd64_gpg_verify" raw="yes" sort="age"]]</p>

sajolida's avatar
sajolida committed
407
   <p>The output of this command should be the following:</p>
408 409 410

   <p class="pre">[[!inline pages="inc/stable_amd64_gpg_signature_output" raw="yes" sort="age"]]</p>

411
   <p>Verify that the date of the signature is at most five days
412
   earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
413

sajolida's avatar
sajolida committed
414
   <p>If the output also includes:</p>
415

sajolida's avatar
sajolida committed
416 417 418 419
   <p class="pre">
   gpg: WARNING: This key is not certified with a trusted signature!<br/>
   gpg:          There is no indication that the signature belongs to the owner.<br/>
   </p>
420

sajolida's avatar
sajolida committed
421
   <p>Then the ISO image is still correct according to the signing key that you
422
   downloaded. To remove this warning you need to <a href="#wot">authenticate
sajolida's avatar
sajolida committed
423 424
   the signing key through the OpenPGP Web of Trust</a>.</p>
  </li>
425

sajolida's avatar
sajolida committed
426 427
</ol>

428 429
"""]]

430 431
<a id="wot"></a>

432
<h3>Authenticate the signing key through the OpenPGP Web of Trust</h3>
433

434
<p>Authenticating our signing key through the OpenPGP Web of Trust is
cbrownstein's avatar
cbrownstein committed
435
the only way that you can be protected in case our website is
436 437
compromised or if you are a victim of a [[man-in-the-middle attack|doc/about/warning#man-in-the-middle]].
However, it is complicated to do and it might not be
cbrownstein's avatar
cbrownstein committed
438 439
possible for everyone because it relies on trust relationships between
individuals.</p>
440 441 442 443 444 445

[[!toggle id="web-of-trust" text="Read more about authenticating the Tails signing key through the OpenPGP Web of Trust."]]

[[!toggleable id="web-of-trust" text="""
<span class="hide">[[!toggle id="web-of-trust" text=""]]</span>

cbrownstein's avatar
cbrownstein committed
446
<p>The verification techniques that we present (browser extension,
447
BitTorrent, or OpenPGP verification) all rely on some
sajolida's avatar
sajolida committed
448
information being securely downloaded using HTTPS from our website:</p>
449

sajolida's avatar
sajolida committed
450 451 452
<ul>
  <li>The <em>checksum</em> for the Firefox extension</li>
  <li>The <em>Torrent file</em> for BitTorrent</li>
cbrownstein's avatar
cbrownstein committed
453
  <li>The <em>Tails signing key</em> for OpenPGP verification</li>
sajolida's avatar
sajolida committed
454
</ul>
455

cbrownstein's avatar
cbrownstein committed
456
<p>It is possible that you could download malicious information if our
457 458
website is compromised or if you are a victim of a man-in-the-middle
attack.</p>
459

sajolida's avatar
Shorten  
sajolida committed
460
<p>OpenPGP verification is the only technique that protects you if
cbrownstein's avatar
cbrownstein committed
461
our website is compromised or if you are a victim of a man-in-the-middle
462
attack. But, for that you need to authenticate the Tails signing key
cbrownstein's avatar
cbrownstein committed
463
through the OpenPGP Web of Trust.</p>
464 465 466

<div class="note">

cbrownstein's avatar
cbrownstein committed
467 468 469
<p>If you are verifying an ISO image from inside Tails, for
example, to do a manual upgrade, then you already have the Tails signing key.
You can trust this signing key as much as you already trust your
sajolida's avatar
sajolida committed
470 471
Tails installation since this signing key is included in your Tails
installation.</p>
472 473 474

</div>

cbrownstein's avatar
cbrownstein committed
475
<p>One of the inherent problems of standard HTTPS is that the trust put
476 477 478
in a website is defined by certificate authorities: a hierarchical and closed
set of companies and governmental institutions approved by your web browser vendor.
This model of trust has long been criticized and proved several times to be
sajolida's avatar
sajolida committed
479
vulnerable to attacks [[as explained on our warning page|doc/about/warning#man-in-the-middle]].</p>
480

sajolida's avatar
sajolida committed
481
<p>We believe that, instead, users should be given the final say when trusting a
482
website, and that designation of trust should be done on the basis of human
sajolida's avatar
sajolida committed
483
interactions.</p>
484

sajolida's avatar
sajolida committed
485
<p>The OpenPGP [[!wikipedia Web_of_Trust]] is a
cbrownstein's avatar
cbrownstein committed
486
decentralized trust model based on OpenPGP keys that can help with solving
sajolida's avatar
sajolida committed
487
this problem. Let's see this with an example:</p>
488

sajolida's avatar
sajolida committed
489 490
<ol>
  <li>
cbrownstein's avatar
cbrownstein committed
491 492
   <em>You are friends with Alice and you really trust her way of making sure
   that OpenPGP keys actually belong to their owners.</em>
sajolida's avatar
sajolida committed
493
  </li>
494

sajolida's avatar
sajolida committed
495
  <li>
cbrownstein's avatar
cbrownstein committed
496
   <em>Alice met Bob, a Tails developer, in a conference and certified
497
   Bob's key as actually belonging to Bob.</em>
sajolida's avatar
sajolida committed
498
  </li>
499

sajolida's avatar
sajolida committed
500
  <li>
cbrownstein's avatar
cbrownstein committed
501
    <em>Bob is a Tails developer who directly owns the Tails signing key. So,
502
    Bob has certified the Tails signing key as actually belonging to Tails.</em>
sajolida's avatar
sajolida committed
503 504
  </li>
</ol>
505

sajolida's avatar
sajolida committed
506
<p>In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key
sajolida's avatar
sajolida committed
507
without the need to rely on certificate authorities.</p>
508 509 510 511 512 513 514 515 516 517 518 519 520

<div class="tip">

<p>If you are on Debian, Ubuntu, or Linux Mint, you can install the
<code>debian-keyring</code> package which contains the OpenPGP keys of
all Debian developers. Some Debian developers have certified the Tails
signing key and you can use these certifications to build a trust path.
This technique is explained in detail in our instructions on
[[installing Tails from Debian, Ubuntu, or Linux Mint using the command
line|install/expert/usb]].</p>

</div>

sajolida's avatar
sajolida committed
521 522
<p>Relying on the Web of Trust requires both caution and intelligent supervision
by the users. The technical details are outside of the scope of this document.</p>
523

cbrownstein's avatar
cbrownstein committed
524 525
<p>Since the Web of Trust is based on actual human relationships and
real-life interactions, it is best to get in touch with people
526
knowledgeable about OpenPGP and build trust relationships in order to
sajolida's avatar
sajolida committed
527
find your own trust path to the Tails signing key.</p>
528

sajolida's avatar
sajolida committed
529
<p>For example, you can start by contacting a local [[!wikipedia Linux_User_Group]],
530
[[an organization offering Tails training|support/learn]], or other Tails
sajolida's avatar
sajolida committed
531
enthusiasts near you and exchange about their OpenPGP practices.</p>
532 533 534

<div class="tip">

cbrownstein's avatar
cbrownstein committed
535
<p>After you build a trust path, you can certify the Tails signing key by
536 537 538 539 540
signing it with your own key to get rid of some warnings during the
verification process.</p>

</div>

541
"""]]
542 543

</div>