download.inline.html 35.2 KB
Newer Older
1 2 3 4
<div id="activate-tails-verification"></div> <!-- Needed to activate the verification extension -->
<div id="extension-version">2.4</div> <!-- Minimum version of the extension -->
<div id="tails-version">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</div>

sajolida's avatar
sajolida committed
5
<h1 class="usb upgrade dvd vm">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</h1>
6 7 8 9 10 11 12 13

<div class="row">

  <div id="direct-download" class="col-md-6"> <!-- Direct download -->
    <h2>Direct download</h2>

    <div class="supported-browser no-js">
      <div id="step-download-direct">
sajolida's avatar
sajolida committed
14 15
        <h3><span class="step-number"><span class="usb upgrade">1.</span>1</span>Download Tails</h3>
        <div class="usb upgrade download-only-img">
16 17 18 19 20 21 22 23 24 25 26
          <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
          <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool-on-retry btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
        </div>
        <div class="dvd vm download-only-iso">
          <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
          <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool-on-retry btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
        </div>
        <p id="already-downloaded" class="indent"><a>I already downloaded Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>.</a></p>
      </div>

      <div id="step-verify-direct">
sajolida's avatar
sajolida committed
27
        <h3><span class="step-number"><span class="usb upgrade">1.</span>2</span>Verify your download using your browser</h3>
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
        <div class="caution indent">
          <p><b>For your security,<br/>always verify your download!</b></p>
          <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-supported" text="Why?"]]</p>
          <div id="why-verify-supported" class="floating-toggleable">
          [[!toggleable id="why-verify-supported" text="""
          [[!toggle id="why-verify-supported" text="X"]]
          <p>With an unverified download, you might:</p>
          <ul>
            <li>Lose time if your download is incomplete or broken due to an error during the download.
                This is quite frequent.</li>
            <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
                <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
            <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
                <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
          </ul>
          <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
          """]]
          </div>
          <p>Our browser extension makes it quick and easy.</p>
        </div>
        <div id="install-extension" class="indent">
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn supported-browser firefox btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
          <a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn supported-browser chrome btn btn-primary inline-block" target="_blank">Install <u>Tails Verification</u> extension</a>
          <div class="no-js">
            <p>You seem to have JavaScript disabled. To use our browser
               extension, please allow all this page:</p>
            [[!img screenshots/allow_js.png link="no"]]
          </div>
        </div>
        <div id="update-extension" class="indent block">
          <p>Your extension is an older version.</p>
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn firefox btn btn-primary inline-block">Update extension</a>
          <a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn chrome btn btn-primary inline-block" target="_blank">Update extension</a>
        </div>
        <div id="verification" class="indent block">
          <p id="extension-installed" class="block"><u>Tails Verification</u> extension installed!</p>
          <label id="verify-download-wrapper" class="btn btn-primary inline-block">
            Verify Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>&hellip;
            <input id="verify-download" type="file"/>
          </label>
          <div id="verifying-download" class="indent block">
            <p>Verifying <span id="filename">$FILENAME</span>&hellip;</p>
            <div class="progress">
              <div id="progress-bar" class="progress-bar" role="progressbar" style="width: 0%" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100"></div>
            </div>
          </div>
          <p id="verification-successful" class="block">Verification successful!</p>
          <div id="verification-failed" class="block">
            <p><b>Verification failed!</b></p>
            <p class="floating-toggleable-link why-failed-link">[[!toggle id="why-failed" text="Why?"]]</p>
            <div id="why-failed" class="floating-toggleable">
            [[!toggleable id="why-failed" text="""
            [[!toggle id="why-failed" text="X"]]
            <p>Most likely, the verification failed because of an error
            or interruption during the download.</p>

	    <p>The verification also fails if you try to verify a different
            download than the latest version (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>).</p>

            <p>Less likely, the verification might have failed because
            of a malicious download from our download mirrors or due to
            a network attack in your country or local network.</p>

            <p>Downloading again is usually enough to fix this
            problem.</p>

            <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
            """]]
            </div>
sajolida's avatar
sajolida committed
97
            <p class="usb upgrade download-only-img"><a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
            <p class="dvd vm download-only-iso"><a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
          </div>
          <div id="verification-failed-again" class="block">
            <p><b>Verification failed again!</b></p>
            <p class="floating-toggleable-link why-failed-again-link">[[!toggle id="why-failed-again" text="Why?"]]</p>
            <div id="why-failed-again" class="floating-toggleable">
            [[!toggleable id="why-failed-again" text="""
            [[!toggle id="why-failed-again" text="X"]]
            <p>The verification might have failed again because of:</p>
            <ul>
              <li>A software problem in our verification extension</li>
              <li>A malicious download from our download mirrors</li>
              <li>A network attack in your country or local network</li>
            </ul>
            <p>Trying from a different place or a different computer might solve any of these issues.</p>
            """]]
            </div>
            <p>Please try to download again from a different place or a different computer&hellip;</p>
          </div>
        </div>
      </div>

      <div id="step-continue-direct">
sajolida's avatar
sajolida committed
121 122 123
        <h3><span class="step-number"><span class="usb upgrade">1.</span>3</span>Continue
          <span class="usb">installing</span>
          <span class="upgrade">upgrading</span>
124 125 126 127 128 129 130 131 132 133
          <span class="download-only-img download-only-iso">installing or upgrading</span></h3>
      </div>
      <div id="continue-link-direct" class="indent">
        <div id="skip-download-direct">
          <span class="windows">[[Skip download|win/usb]]</span>
          <span class="linux">[[Skip download|linux/usb]]</span>
          <span class="mac">[[Skip download|mac/usb]]</span>
          <span class="dvd">[[Skip download|dvd]]</span>
          <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
          <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
sajolida's avatar
sajolida committed
134
          <span class="upgrade-windows">[[Skip download|upgrade/win]]</span>
sajolida's avatar
sajolida committed
135
          <span class="upgrade-mac">[[Skip download|upgrade/mac]]</span>
sajolida's avatar
sajolida committed
136
          <span class="upgrade-linux">[[Skip download|upgrade/linux]]</span>
137 138 139 140 141 142 143 144
        </div>
        <div id="skip-verification-direct" class="block">
          <div class="windows">[[Skip verification!|win/usb]]</div>
          <div class="linux">[[Skip verification!|linux/usb]]</div>
          <div class="mac">[[Skip verification!|mac/usb]]</div>
          <div class="dvd">[[Skip verification!|dvd]]</div>
          <div class="vm">[[Skip verification!|doc/advanced_topics/virtualization]]</div>
          <div class="upgrade-tails">[[Skip verification!|upgrade/tails]]</div>
sajolida's avatar
sajolida committed
145
          <div class="upgrade-windows">[[Skip verification!|upgrade/win]]</div>
sajolida's avatar
sajolida committed
146
          <div class="upgrade-mac">[[Skip verification!|upgrade/mac]]</div>
sajolida's avatar
sajolida committed
147
          <div class="upgrade-linux">[[Skip verification!|upgrade/linux]]</div>
148 149 150 151 152 153
        </div>
        <div id="next-direct">
          <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
          <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
          <div class="mac">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
          <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
sajolida's avatar
sajolida committed
154
          <div class="upgrade-windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/win]]</div>
sajolida's avatar
sajolida committed
155
          <div class="upgrade-mac">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/mac]]</div>
sajolida's avatar
sajolida committed
156
          <div class="upgrade-linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/linux]]</div>
157 158 159 160 161
          <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
          <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
          <div class="download-only-img">
            <p>Upgrade your Tails USB stick and keep your persistent storage:</p>
            <ul>
sajolida's avatar
sajolida committed
162 163
              <li>[[Upgrade from your Tails|upgrade/tails]]</li>
              <li>[[Upgrade from Windows|upgrade/win]]</li>
sajolida's avatar
sajolida committed
164
              <li>[[Upgrade from macOS|upgrade/mac]]</li>
sajolida's avatar
sajolida committed
165
              <li>[[Upgrade from Linux|upgrade/linux]]</li>
166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219
            </ul>
            <p>Install a new USB stick:</p>
            <ul>
              <li>[[Install from Windows|install/win/usb]]</li>
              <li>[[Install from macOS|install/mac/usb]]</li>
              <li>[[Install from Linux|install/linux/usb]]</li>
            </ul>
          </div>
          <ul class="download-only-iso">
            <li>[[Burn on a DVD|dvd]]</li>
            <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
          </ul>
        </div>
      </div>
    </div> <!-- Supported browser & No JS -->

    <div class="outdated-browser unsupported-browser">
      <p>You are using <u><b><span id="detected-browser">$DETECTED-BROWSER</span></b></u>.</p>
      <p>Direct download is only available for:</p>
      <ul>
        <li>Firefox <span id="min-version-firefox">$MINVER-FIREFOX</span> and later (<a href="https://www.mozilla.org/firefox/new/">Download</a>)</li>
        <li>Chrome<span id="min-version-chrome">$MINVER-CHROME</span> and later (<a href="https://www.google.com/chrome/">Download</a>)</li>
        <li>Tor Browser <span id="min-version-tor-browser">$MINVER-TOR-BROWSER</span> and later (<a href="https://www.torproject.org/download/download-easy.html">Download</a>)</li>
      </ul>
    </div>
    <div class="outdated-browser">
      <p>Please update your browser to the latest version.</p>
    </div>
    <div class="unsupported-browser">
      <div class="caution">
        <p><b>For your security,<br/>always verify your download!</b></p>
        <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-unsupported" text="Why?"]]</p>
        <div id="why-verify-unsupported" class="floating-toggleable">
        [[!toggleable id="why-verify-unsupported" text="""
        [[!toggle id="why-verify-unsupported" text="X"]]
        <p>With an unverified download, you might:</p>
        <ul>
          <li>Lose time if your download is incomplete or broken due to an error during the download.
              This is quite frequent.</li>
          <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
              <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
          <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
              <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
        </ul>
        <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
        """]]
        </div>
        <p>Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.</p>
      </div>
      <p>Copy and paste this link in Firefox, Chrome, or Tor Browser:</p>
      <p class="windows"><code>https://tails.boum.org/install/win/usb-download/</code></p>
      <p class="linux"><code>https://tails.boum.org/install/linux/usb-download/</code></p>
      <p class="mac"><code>https://tails.boum.org/install/mac/usb-download/</code></p>
      <p class="upgrade-tails"><code>https://tails.boum.org/upgrade/tails-download/</code></p>
sajolida's avatar
sajolida committed
220
      <p class="upgrade-windows"><code>https://tails.boum.org/upgrade/win-download/</code></p>
sajolida's avatar
sajolida committed
221
      <p class="upgrade-mac"><code>https://tails.boum.org/upgrade/mac-download/</code></p>
sajolida's avatar
sajolida committed
222
      <p class="upgrade-linux"><code>https://tails.boum.org/upgrade/linux-download/</code></p>
223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247
      <p class="dvd"><code>https://tails.boum.org/install/dvd-download/</code></p>
      <p class="vm"><code>https://tails.boum.org/install/vm-download/</code></p>
      <p class="download-only-img"><code>https://tails.boum.org/install/download/</code></p>
      <p class="download-only-iso"><code>https://tails.boum.org/install/download-iso/</code></p>
    </div> <!-- Outdated browser -->
  </div> <!-- Direct download -->

  <div id="bittorrent-download" class="col-md-6">
    <h2>BitTorrent download</h2>
    <p class="floating-toggleable-link what-is-bittorrent-link">[[!toggle id="what-is-bittorrent" text="What is BitTorrent?"]]</p>

    <div id="what-is-bittorrent" class="floating-toggleable">
    [[!toggleable id="what-is-bittorrent" text="""
    [[!toggle id="what-is-bittorrent" text="X"]]
    <p>BitTorrent is a peer-to-peer technology for file sharing that makes your
    download faster and easier to resume.</p>

    <p>You need to install BitTorrent software on your computer, like
    <a href="https://transmissionbt.com/">Transmission</a> (for Windows, macOS, and Linux).</p>

    <p>BitTorrent doesn't work over Tor or in Tails.</p>
    """]]
    </div>

    <div id="step-download-torrent">
sajolida's avatar
sajolida committed
248 249
      <h3><span class="step-number"><span class="usb upgrade">1.</span>1</span>Download Tails (Torrent file)</h3>
      <div class="usb upgrade download-only-img">
250 251 252 253 254 255 256 257
        <a href="[[!inline pages="inc/stable_amd64_img_torrent_url" raw="yes" sort="age"]]" id="download-img-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file for USB image</a>
      </div>
      <div class="dvd vm download-only-iso">
        <a href="[[!inline pages="inc/stable_amd64_iso_torrent_url" raw="yes" sort="age"]]" id="download-iso-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file for ISO image</a>
      </div>
    </div>

    <div id="step-verify-bittorrent">
sajolida's avatar
sajolida committed
258
      <h3><span class="step-number"><span class="usb upgrade">1.</span>2</span>Verify your download using BitTorrent</h3>
259 260 261 262
      <p class="indent">Your BitTorrent client will automatically verify your download when it is complete.</p>
    </div>

    <div id="step-continue-bittorrent">
sajolida's avatar
sajolida committed
263 264 265
      <h3><span class="step-number"><span class="usb upgrade">1.</span>3</span>Continue
          <span class="usb">installing</span>
          <span class="upgrade">upgrading</span>
266
          <span class="download-only-img download-only-iso">installing or upgrading</span></h3>
267
      <p class="indent">Open and download
268 269
      the Torrent file with your BitTorrent client. It contains the
      Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]
sajolida's avatar
sajolida committed
270
      <span class="usb upgrade download-only-img">USB</span>
271
      <span class="dvd vm download-only-iso">ISO</span>
sajolida's avatar
sajolida committed
272
      <span class="usb dvd vm upgrade">image that you will use in the next step.</span>
273
      <span class="download-only-img download-only-iso">image.</span>
274 275 276 277 278 279 280 281 282
    </div>
    <div id="continue-link-bittorrent" class="indent">
      <div id="skip-download-bittorrent">
        <span class="windows">[[Skip download|win/usb]]</span>
        <span class="linux">[[Skip download|linux/usb]]</span>
        <span class="mac">[[Skip download|mac/usb]]</span>
        <span class="dvd">[[Skip download|dvd]]</span>
        <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
        <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
sajolida's avatar
sajolida committed
283
        <span class="upgrade-windows">[[Skip download|upgrade/win]]</span>
sajolida's avatar
sajolida committed
284
        <span class="upgrade-mac">[[Skip download|upgrade/mac]]</span>
sajolida's avatar
sajolida committed
285
        <span class="upgrade-linux">[[Skip download|upgrade/linux]]</span>
286 287 288 289 290 291
      </div>
      <div id="next-bittorrent">
        <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
        <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
        <div class="mac">[[<div class="btn btn-primary inline-block">Next: Install Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
        <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
sajolida's avatar
sajolida committed
292
        <div class="upgrade-windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/win]]</div>
sajolida's avatar
sajolida committed
293
        <div class="upgrade-mac">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/mac]]</div>
sajolida's avatar
sajolida committed
294
        <div class="upgrade-linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/linux]]</div>
295 296 297 298 299
        <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
        <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
        <div class="download-only-img">
          <p>Upgrade your Tails USB stick and keep your persistent storage:</p>
          <ul>
sajolida's avatar
sajolida committed
300 301
            <li>[[Upgrade from your Tails|upgrade/tails]]</li>
            <li>[[Upgrade from Windows|upgrade/win]]</li>
sajolida's avatar
sajolida committed
302
            <li>[[Upgrade from macOS|upgrade/mac]]</li>
sajolida's avatar
sajolida committed
303
            <li>[[Upgrade from Linux|upgrade/linux]]</li>
304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329
          </ul>
          <p>Install a new USB stick:</p>
          <ul>
            <li>[[Install from Windows|install/win/usb]]</li>
            <li>[[Install from macOS|install/mac/usb]]</li>
            <li>[[Install from Linux|install/linux/usb]]</li>
          </ul>
        </div>
        <ul class="download-only-iso">
          <li>[[Burn on a DVD|dvd]]</li>
          <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
        </ul>
      </div>
    </div>
  </div> <!-- BitTorrent download -->

</div>

<div id="openpgp">

<h2>Verify using OpenPGP (optional)</h2>

<p>If you know OpenPGP, you can also verify your download using an
OpenPGP signature instead of, or in addition to, our browser extension or
BitTorrent.</p>

cbrownstein's avatar
cbrownstein committed
330
<p>Download the
sajolida's avatar
sajolida committed
331
<a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
cbrownstein's avatar
cbrownstein committed
332 333 334
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355

<h3>Basic OpenPGP verification</h3>

[[!toggle id="basic-openpgp" text="See instructions for basic OpenPGP verification."]]

[[!toggleable id="basic-openpgp" text="""
<span class="hide">[[!toggle id="basic-openpgp" text=""]]</span>

<p>This section provides simplified instructions:</p>

<ul>
  <li><a href="#windows">In Windows with <span class="application">Gpg4win</span></a></li>
  <li><a href="#mac">In macOS with <span class="application">GPGTools</span></a></li>
  <li><a href="#tails">In Tails</a></li>
  <li><a href="#command-line">Using the command line</a></li>
</ul>

<a id="windows"></a>

<h3>In Windows with <span class="application">Gpg4win</span></h3>

sajolida's avatar
sajolida committed
356
<ol>
357 358
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
359
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
360 361 362 363 364
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>

sajolida's avatar
sajolida committed
365 366 367
  <li>
    <p>Download the [[Tails signing key|tails-signing.key]] and import it into
    <span class="application">Gpg4win</span>.</p>
368

sajolida's avatar
sajolida committed
369 370 371
    <p>See the [[<span class="application">Gpg4win</span> documentation on
    importing keys|https://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]].</p>
  </li>
372

sajolida's avatar
sajolida committed
373
  <li>
sajolida's avatar
sajolida committed
374 375
    <p>Verify the signature of the image that you downloaded.</p>

sajolida's avatar
sajolida committed
376 377
    <p>See the [[<span class="application">Gpg4win</span> documentation on
    verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
378

sajolida's avatar
sajolida committed
379 380
    <p>Verify that the date of the signature is at most five days earlier than
    the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
381

sajolida's avatar
sajolida committed
382
    <p>If the following warning appears:</p>
383

sajolida's avatar
sajolida committed
384 385 386 387 388
    <pre>
    Not enough information to check the signature validity.
    Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
    The validity of the signature cannot be verified.
    </pre>
389

sajolida's avatar
sajolida committed
390 391 392 393 394
    <p>Then the image is still correct according to the signing key that you
    downloaded. To remove this warning you need to <a href="#wot">authenticate the
    signing key through the OpenPGP Web of Trust</a>.</p>
  </li>
</ol>
395 396 397 398 399 400

<a id="mac"></a>

<h3>In macOS using <span class="application">GPGTools</span></h3>

<ol>
401 402
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
403
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
404 405 406 407 408
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>

cbrownstein's avatar
cbrownstein committed
409 410 411 412 413 414
  <li>
   <p>Download the [[Tails signing key|tails-signing.key]] and import it into
   <span class="application">GPGTools</span>.</p>
   <p>See the [[<span class="application">GPGTools</span> documentation on
   importing keys|https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-find-public-keys-of-your-friends-and-import-them#import-key-file]].</p>
  </li>
415
  <li>
416 417
   <p>Open <span class="application">Finder</span> and navigate to the
   folder where you saved the image and the signature.</p>
418 419 420
  </li>

  <li>
421
   <p>Control-click on the image and choose
422 423
   <span class="guimenuchoice">
     <span class="guisubmenu">Services</span>
424
     <span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.</p>
425 426 427 428 429 430 431
  </li>
</ol>

<a id="tails"></a>

<h3>In Tails</h3>

432 433
<p>Tails comes with the Tails signing key already imported.</p>

434
<ol>
435 436
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
437
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
438 439 440 441 442
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>

443
  <li>
444 445
   <p>Open the file browser and navigate to the folder where you saved the
   image and the signature.</p>
446 447 448
  </li>

  <li>
449 450
   <p>Right-click (on Mac, click with two fingers) on the signature and choose <span class="guimenuitem">Open With
   Verify Signature</span>.</p>
451 452 453
  </li>

  <li>
454
   <p>The verification of the image starts automatically:</p>
455 456 457 458 459

   <p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
  </li>

  <li>
460 461
   <p>After the verification finishes, you should see a notification that the
   signature is good:</p>
462

sajolida's avatar
sajolida committed
463
   <p class="usb upgrade download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_good.png link="no"]]</p>
464
   <p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_good.png link="no"]]</p>
465 466 467

   <p>Verify that the date of the signature is at most five days earlier
   than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
468 469 470

   <p>If instead, you see a notification that the signature is valid but untrusted:</p>

sajolida's avatar
sajolida committed
471
   <p class="usb upgrade download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_untrusted.png link="no"]]</p>
472 473 474 475 476
   <p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_untrusted.png link="no"]]</p>

   <p>Then the image is still correct according to the signing key that you
   downloaded. To remove this warning you need to <a href="#wot">authenticate
   the signing key through the OpenPGP Web of Trust</a>.</p>
477 478 479 480 481 482 483
  </li>
</ol>

<a id="command-line"></a>

<h3>Using the command line</h3>

484

485
<ol>
486 487
  <li>
    <p>Download the
sajolida's avatar
sajolida committed
488
    <a class="usb upgrade download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
489 490 491 492
    <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
    and save it to the same folder where
    you saved the image.</p>
  </li>
493 494

  <li>
495 496 497 498 499 500 501 502 503 504 505 506
    <p>Download the [[Tails signing key|tails-signing.key]] and import it into
    <span class="application">GnuPGP</span>.</p>

    <p>To import the Tails signing key into
    <span class="application">GnuPGP</span>, open a terminal and navigate to
    the folder where you saved the Tails signing key.</p>

    <p>Execute:</p>

    <p class="pre">gpg --import tails-signing.key</p>
  </li>
  <li>
507 508
   <p>In a terminal, navigate to the folder where you saved the
   image and the signature.</p>
509 510 511 512 513
  </li>

  <li>
   <p>Execute:</p>

sajolida's avatar
sajolida committed
514
   <p class="usb upgrade download-only-img pre">[[!inline pages="inc/stable_amd64_img_gpg_verify" raw="yes" sort="age"]]</p>
515 516 517 518
   <p class="dvd vm download-only-iso pre">[[!inline pages="inc/stable_amd64_iso_gpg_verify" raw="yes" sort="age"]]</p>

   <p>The output of this command should be the following:</p>

sajolida's avatar
sajolida committed
519
   <p class="usb upgrade download-only-img pre">[[!inline pages="inc/stable_amd64_img_gpg_signature_output" raw="yes" sort="age"]]</p>
520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654
   <p class="dvd vm download-only-iso pre">[[!inline pages="inc/stable_amd64_iso_gpg_signature_output" raw="yes" sort="age"]]</p>

   <p>Verify that the date of the signature is at most five days
   earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>

   <p>If the output also includes:</p>

   <p class="pre">
   gpg: WARNING: This key is not certified with a trusted signature!<br/>
   gpg:          There is no indication that the signature belongs to the owner.<br/>
   </p>

   <p>Then the image is still correct according to the signing key that you
   downloaded. To remove this warning you need to <a href="#wot">authenticate
   the signing key through the OpenPGP Web of Trust</a>.</p>
  </li>

</ol>

"""]]

<a id="wot"></a>

<h3>Authenticate the signing key through the OpenPGP Web of Trust</h3>

<p>Authenticating our signing key through the OpenPGP Web of Trust is
the only way that you can be protected in case our website is
compromised or if you are a victim of a [[man-in-the-middle attack|doc/about/warning#man-in-the-middle]].
However, it is complicated to do and it might not be
possible for everyone because it relies on trust relationships between
individuals.</p>

[[!toggle id="web-of-trust" text="Read more about authenticating the Tails signing key through the OpenPGP Web of Trust."]]

[[!toggleable id="web-of-trust" text="""
<span class="hide">[[!toggle id="web-of-trust" text=""]]</span>

<p>The verification techniques that we present (browser extension,
BitTorrent, or OpenPGP verification) all rely on some
information being securely downloaded using HTTPS from our website:</p>

<ul>
  <li>The <em>checksum</em> for the Firefox extension</li>
  <li>The <em>Torrent file</em> for BitTorrent</li>
  <li>The <em>Tails signing key</em> for OpenPGP verification</li>
</ul>

<p>It is possible that you could download malicious information if our
website is compromised or if you are a victim of a man-in-the-middle
attack.</p>

<p>OpenPGP verification is the only technique that protects you if
our website is compromised or if you are a victim of a man-in-the-middle
attack. But, for that you need to authenticate the Tails signing key
through the OpenPGP Web of Trust.</p>

<div class="note">

<p>If you are verifying an image from inside Tails, for
example, to do a manual upgrade, then you already have the Tails signing key.
You can trust this signing key as much as you already trust your
Tails installation since this signing key is included in your Tails
installation.</p>

</div>

<p>One of the inherent problems of standard HTTPS is that the trust put
in a website is defined by certificate authorities: a hierarchical and closed
set of companies and governmental institutions approved by your web browser vendor.
This model of trust has long been criticized and proved several times to be
vulnerable to attacks [[as explained on our warning page|doc/about/warning#man-in-the-middle]].</p>

<p>We believe that, instead, users should be given the final say when trusting a
website, and that designation of trust should be done on the basis of human
interactions.</p>

<p>The OpenPGP [[!wikipedia Web_of_Trust]] is a
decentralized trust model based on OpenPGP keys that can help with solving
this problem. Let's see this with an example:</p>

<ol>
  <li>
   <em>You are friends with Alice and you really trust her way of making sure
   that OpenPGP keys actually belong to their owners.</em>
  </li>

  <li>
   <em>Alice met Bob, a Tails developer, in a conference and certified
   Bob's key as actually belonging to Bob.</em>
  </li>

  <li>
    <em>Bob is a Tails developer who directly owns the Tails signing key. So,
    Bob has certified the Tails signing key as actually belonging to Tails.</em>
  </li>
</ol>

<p>In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key
without the need to rely on certificate authorities.</p>

<div class="tip">

<p>If you are on Debian, Ubuntu, or Linux Mint, you can install the
<code>debian-keyring</code> package which contains the OpenPGP keys of
all Debian developers. Some Debian developers have certified the Tails
signing key and you can use these certifications to build a trust path.
This technique is explained in detail in our instructions on
[[installing Tails from Debian, Ubuntu, or Linux Mint using the command
line|install/expert/usb]].</p>

</div>

<p>Relying on the Web of Trust requires both caution and intelligent supervision
by the users. The technical details are outside of the scope of this document.</p>

<p>Since the Web of Trust is based on actual human relationships and
real-life interactions, it is best to get in touch with people
knowledgeable about OpenPGP and build trust relationships in order to
find your own trust path to the Tails signing key.</p>

<p>For example, you can start by contacting a local [[!wikipedia Linux_User_Group]],
[[an organization offering Tails training|support/learn]], or other Tails
enthusiasts near you and exchange about their OpenPGP practices.</p>

<div class="tip">

<p>After you build a trust path, you can certify the Tails signing key by
signing it with your own key to get rid of some warnings during the
verification process.</p>

</div>

"""]]

</div>