download.inline.html 30.4 KB
Newer Older
sajolida's avatar
sajolida committed
1
<div id="activate-tails-verification"></div> <!-- Needed to activate the verification extension -->
2
<div id="extension-version">1.0</div> <!-- Minimum version of the extension -->
3

4
<h1 class="debian windows linux mac-usb mac-dvd dvd vm upgrade-tails">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</h1>
5

6 7
<div class="row">

8
  <div id="direct-download" class="col-md-6"> <!-- Direct download -->
9 10
    <h2>Direct download</h2>

11
    <div class="supported-browser no-js">
12
      <div id="step-download-direct">
13
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>1</span>Download Tails</h3>
14
        <div class="debian windows linux mac-usb upgrade-tails download-only-img">
15 16 17
          <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
          <a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img" class="use-mirror-pool-on-retry btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_img_size" raw="yes" sort="age"]]</span>)</a>
        </div>
18
        <div class="mac-dvd dvd vm download-only-iso">
19 20 21
          <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
          <a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso" class="use-mirror-pool-on-retry btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_iso_size" raw="yes" sort="age"]]</span>)</a>
        </div>
22
        <p id="already-downloaded" class="indent"><a>I already downloaded Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>.</a></p>
23
      </div>
24

25
      <div id="step-verify-direct">
sajolida's avatar
sajolida committed
26
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>2</span>Verify your download using your browser</h3>
27
        <div class="caution indent">
28
          <p><b>For your security,<br/>always verify your download!</b></p>
29
          <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-supported" text="Why?"]]</p>
30 31 32
          <div id="why-verify-supported" class="floating-toggleable">
          [[!toggleable id="why-verify-supported" text="""
          [[!toggle id="why-verify-supported" text="X"]]
33
          <p>With an unverified download, you might:</p>
34
          <ul>
35
            <li>Lose time if your download is incomplete or broken due to an error during the download.
36
                This is quite frequent.</li>
37
            <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
38
                <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
39
            <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
40 41
                <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
          </ul>
cbrownstein's avatar
cbrownstein committed
42
          <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
43 44
          """]]
          </div>
45
          <p>Our browser extension makes it quick and easy.</p>
46
        </div>
47
        <div id="install-extension" class="indent">
48 49
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn supported-browser firefox btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
          <a class="install-extension-btn supported-browser chrome btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
50 51 52 53 54
          <div class="no-js">
            <p>You seem to have JavaScript disabled. To use our browser
               extension, please allow all this page:</p>
            [[!img screenshots/allow_js.png link="no"]]
          </div>
55
        </div>
56 57
        <div id="update-extension" class="indent block">
          <p>Your extension is an older version.</p>
58 59
          <a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn firefox btn btn-primary inline-block">Update extension</a>
          <a class="install-extension-btn chrome btn btn-primary inline-block">Update extension</a>
60 61
        </div>
        <div id="verification" class="indent block">
sajolida's avatar
sajolida committed
62
          <p id="extension-installed" class="block"><u>Tails Verification</u> extension installed!</p>
63
          <label id="verify-download-wrapper" class="btn btn-primary inline-block">
64
            Verify Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>&hellip;
65 66
            <input id="verify-download" type="file"/>
          </label>
sajolida's avatar
sajolida committed
67
          <div id="verifying-download" class="indent block">
68
            <p>Verifying <span id="filename">$FILENAME</span>&hellip;</p>
sajolida's avatar
sajolida committed
69 70 71 72
            <div class="progress">
              <div id="progress-bar" class="progress-bar" role="progressbar" style="width: 0%" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100"></div>
            </div>
          </div>
73
          <p id="verification-successful" class="block">Verification successful!</p>
74
          <div id="verification-failed" class="block">
75
            <p><b>Verification failed!</b></p>
76
            <p class="floating-toggleable-link why-failed-link">[[!toggle id="why-failed" text="Why?"]]</p>
77 78 79 80 81 82
            <div id="why-failed" class="floating-toggleable">
            [[!toggleable id="why-failed" text="""
            [[!toggle id="why-failed" text="X"]]
            <p>Most likely, the verification failed because of an error
            or interruption during the download.</p>

83 84 85
	    <p>The verification also fails if you try to verify a different
            download than the latest version (<span class="remove-extra-space">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>).</p>

86 87 88 89 90 91
            <p>Less likely, the verification might have failed because
            of a malicious download from our download mirrors or due to
            a network attack in your country or local network.</p>

            <p>Downloading again is usually enough to fix this
            problem.</p>
92

cbrownstein's avatar
cbrownstein committed
93
            <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
94 95
            """]]
            </div>
96 97
            <p class="debian windows linux mac-usb upgrade-tails download-only-img"><a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
            <p class="mac-dvd dvd vm download-only-iso"><a href="[[!inline pages="inc/stable_amd64_iso_url" raw="yes" sort="age"]]" id="download-iso-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
98
          </div>
99
          <div id="verification-failed-again" class="block">
100
            <p><b>Verification failed again!</b></p>
101
            <p class="floating-toggleable-link why-failed-again-link">[[!toggle id="why-failed-again" text="Why?"]]</p>
102 103 104 105 106 107 108 109 110 111 112 113
            <div id="why-failed-again" class="floating-toggleable">
            [[!toggleable id="why-failed-again" text="""
            [[!toggle id="why-failed-again" text="X"]]
            <p>The verification might have failed again because of:</p>
            <ul>
              <li>A software problem in our verification extension</li>
              <li>A malicious download from our download mirrors</li>
              <li>A network attack in your country or local network</li>
            </ul>
            <p>Trying from a different place or a different computer might solve any of these issues.</p>
            """]]
            </div>
114
            <p>Please try to download again from a different place or a different computer&hellip;</p>
115 116
          </div>
        </div>
117 118
      </div>

119
      <div id="step-continue-direct">
sajolida's avatar
sajolida committed
120
        <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>3</span>Continue
121 122
          <span class="debian windows linux mac-usb mac-dvd">installing</span>
          <span class="upgrade-tails">upgrading</span>
123
          <span class="download-only-img download-only-iso">installing or upgrading</span></h3>
124
      </div>
125
      <div id="continue-link-direct" class="indent">
126 127 128 129 130 131
        <div id="skip-download-direct">
          <span class="debian">[[Skip download|debian/usb]]</span>
          <span class="windows">[[Skip download|win/usb]]</span>
          <span class="linux">[[Skip download|linux/usb]]</span>
          <span class="mac-usb">[[Skip download|mac/usb]]</span>
          <span class="mac-dvd">[[Skip download|mac/dvd]]</span>
132 133
          <span class="dvd">[[Skip download|dvd]]</span>
          <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
134 135
          <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
        </div>
136
        <div id="skip-verification-direct" class="block">
sajolida's avatar
sajolida committed
137 138 139 140 141 142 143 144
          <div class="debian">[[Skip verification!|debian/usb]]</div>
          <div class="windows">[[Skip verification!|win/usb]]</div>
          <div class="linux">[[Skip verification!|linux/usb]]</div>
          <div class="mac-usb">[[Skip verification!|mac/usb]]</div>
          <div class="mac-dvd">[[Skip verification!|mac/dvd]]</div>
          <div class="dvd">[[Skip verification!|dvd]]</div>
          <div class="vm">[[Skip verification!|doc/advanced_topics/virtualization]]</div>
          <div class="upgrade-tails">[[Skip verification!|upgrade/tails]]</div>
145
        </div>
146
        <div id="next-direct">
147 148 149 150 151 152 153 154
          <div class="debian">[[<div class="btn btn-primary inline-block">Next: Install <em>Tails Installer</em> (<span class="next-counter"></span>)</div>|debian/usb]]</div>
          <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
          <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
          <div class="mac-usb">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
          <div class="mac-dvd">[[<div class="btn btn-primary inline-block">Next: Burn a Tails DVD (<span class="next-counter"></span>)</div>|mac/dvd]]</div>
          <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
          <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
          <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
155
          <ul class="download-only-img">
sajolida's avatar
sajolida committed
156 157 158 159 160
            <li>[[Install from Windows|install/win/usb]]</li>
            <li>[[Install from Debian, Ubuntu, or Mint|install/debian/usb]]</li>
            <li>[[Install from other Linux distributions|install/linux/usb]]</li>
            <li>[[Install from macOS by burning a DVD first|install/mac/dvd]]</li>
            <li>[[Install from macOS and the command line|install/mac/usb]]</li>
161 162 163
            <li>[[Upgrade inside Tails|upgrade/tails]]</li>
          </ul>
          <ul class="download-only-iso">
sajolida's avatar
sajolida committed
164 165
            <li>[[Burn on a DVD|dvd]]</li>
            <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
166
          </ul>
167
        </div>
168
      </div>
169
    </div> <!-- Supported browser & No JS -->
170

sajolida's avatar
sajolida committed
171
    <div class="outdated-browser unsupported-browser">
sajolida's avatar
sajolida committed
172 173 174
      <p>You are using <u><b><span id="detected-browser">$DETECTED-BROWSER</span></b></u>.</p>
      <p>Direct download is only available for:</p>
      <ul>
175
        <li>Firefox <span id="min-version-firefox">$MINVER-FIREFOX</span> and later (<a href="https://www.mozilla.org/firefox/new/">Download</a>)</li>
176
        <li>Chrome<span id="min-version-chrome">$MINVER-CHROME</span> and later (<a href="https://www.google.com/chrome/">Download</a>)</li>
177
        <li>Tor Browser <span id="min-version-tor-browser">$MINVER-TOR-BROWSER</span> and later (<a href="https://www.torproject.org/download/download-easy.html">Download</a>)</li>
sajolida's avatar
sajolida committed
178
      </ul>
179 180 181 182 183 184
    </div>
    <div class="outdated-browser">
      <p>Please update your browser to the latest version.</p>
    </div>
    <div class="unsupported-browser">
      <div class="caution">
185
        <p><b>For your security,<br/>always verify your download!</b></p>
186
        <p class="floating-toggleable-link why-verify-link">[[!toggle id="why-verify-unsupported" text="Why?"]]</p>
187 188 189 190 191 192 193 194 195 196 197 198
        <div id="why-verify-unsupported" class="floating-toggleable">
        [[!toggleable id="why-verify-unsupported" text="""
        [[!toggle id="why-verify-unsupported" text="X"]]
        <p>With an unverified download, you might:</p>
        <ul>
          <li>Lose time if your download is incomplete or broken due to an error during the download.
              This is quite frequent.</li>
          <li>Get hacked while using Tails if our download mirrors have been compromised and are serving malicious downloads.<br/>
              <a href="http://blog.linuxmint.com/?p=2994">This already happened to other operating systems.</a></li>
          <li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
              <a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
        </ul>
cbrownstein's avatar
cbrownstein committed
199
        <p>[[How does the extension work?|contribute/design/verification_extension]]</p>
200 201
        """]]
        </div>
202
        <p>Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.</p>
sajolida's avatar
sajolida committed
203
      </div>
204
      <p>Copy and paste this link in Firefox, Chrome, or Tor Browser:</p>
205 206 207 208 209 210 211 212
      <p class="debian"><code>https://tails.boum.org/install/debian/usb-download/</code></p>
      <p class="windows"><code>https://tails.boum.org/install/win/usb-download/</code></p>
      <p class="linux"><code>https://tails.boum.org/install/linux/usb-download/</code></p>
      <p class="mac-usb"><code>https://tails.boum.org/install/mac/usb-download/</code></p>
      <p class="mac-dvd"><code>https://tails.boum.org/install/mac/dvd-download/</code></p>
      <p class="upgrade-tails"><code>https://tails.boum.org/upgrade/tails-download/</code></p>
      <p class="dvd"><code>https://tails.boum.org/install/dvd-download/</code></p>
      <p class="vm"><code>https://tails.boum.org/install/vm-download/</code></p>
213 214
      <p class="download-only-img"><code>https://tails.boum.org/install/download/</code></p>
      <p class="download-only-iso"><code>https://tails.boum.org/install/download-iso/</code></p>
215 216
    </div> <!-- Outdated browser -->
  </div> <!-- Direct download -->
217

218
  <div id="bittorrent-download" class="col-md-6">
219
    <h2>BitTorrent download</h2>
220
    <p class="floating-toggleable-link what-is-bittorrent-link">[[!toggle id="what-is-bittorrent" text="What is BitTorrent?"]]</p>
221 222 223 224 225 226 227

    <div id="what-is-bittorrent" class="floating-toggleable">
    [[!toggleable id="what-is-bittorrent" text="""
    [[!toggle id="what-is-bittorrent" text="X"]]
    <p>BitTorrent is a peer-to-peer technology for file sharing that makes your
    download faster and easier to resume.</p>

sajolida's avatar
sajolida committed
228
    <p>You need to install BitTorrent software on your computer, like
229 230 231 232 233
    <a href="https://transmissionbt.com/">Transmission</a> (for Windows, macOS, and Linux).</p>

    <p>BitTorrent doesn't work over Tor or in Tails.</p>
    """]]
    </div>
234

235 236
    <div id="step-download-torrent">
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>1</span>Download Tails (Torrent file)</h3>
237
      <div class="debian windows linux mac-usb upgrade-tails download-only-img">
238 239
        <a href="[[!inline pages="inc/stable_amd64_img_torrent_url" raw="yes" sort="age"]]" id="download-img-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file for USB image</a>
      </div>
240
      <div class="mac-dvd dvd vm download-only-iso">
241 242
        <a href="[[!inline pages="inc/stable_amd64_iso_torrent_url" raw="yes" sort="age"]]" id="download-iso-torrent" class="btn btn-primary inline-block indent">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] Torrent file for ISO image</a>
      </div>
243
    </div>
244

245
    <div id="step-verify-bittorrent">
sajolida's avatar
sajolida committed
246
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd upgrade-tails">1.</span>2</span>Verify your download using BitTorrent</h3>
247 248
      <p class="indent">Your BitTorrent client will automatically verify your download when it is complete.</p>
    </div>
249

250
    <div id="step-continue-bittorrent">
251
      <h3><span class="step-number"><span class="debian windows linux mac-usb mac-dvd dvd vm upgrade-tails">1.</span>3</span>Continue
252 253
          <span class="debian windows linux mac-usb mac-dvd">installing</span>
          <span class="upgrade-tails">upgrading</span>
254
          <span class="download-only-img download-only-iso">installing or upgrading</span></h3>
255
      <p class="debian windows linux mac-usb mac-dvd dvd vm upgrade-tails indent">Open and download
256
      the Torrent file with your BitTorrent client. It contains the
257 258 259 260
      Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]
      <span class="debian windows linux mac-usb mac-dvd upgrade-tails">USB</span>
      <span class="debian windows linux mac-usb mac-dvd upgrade-tails">ISO</span>
      image that you will use in the next step.</p>
261
    </div>
262
    <div id="continue-link-bittorrent" class="indent">
263 264 265 266 267 268
      <div id="skip-download-bittorrent">
        <span class="debian">[[Skip download|debian/usb]]</span>
        <span class="windows">[[Skip download|win/usb]]</span>
        <span class="linux">[[Skip download|linux/usb]]</span>
        <span class="mac-usb">[[Skip download|mac/usb]]</span>
        <span class="mac-dvd">[[Skip download|mac/dvd]]</span>
sajolida's avatar
sajolida committed
269 270
        <span class="dvd">[[Skip download|dvd]]</span>
        <span class="vm">[[Skip download|doc/advanced_topics/virtualization]]</span>
271 272
        <span class="upgrade-tails">[[Skip download|upgrade/tails]]</span>
      </div>
273
      <div id="next-bittorrent">
274 275 276 277 278 279 280 281
        <div class="debian">[[<div class="btn btn-primary inline-block">Next: Install <em>Tails Installer</em> (<span class="next-counter"></span>)</div>|debian/usb]]</div>
        <div class="windows">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|win/usb]]</div>
        <div class="linux">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|linux/usb]]</div>
        <div class="mac-usb">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|mac/usb]]</div>
        <div class="mac-dvd">[[<div class="btn btn-primary inline-block">Next: Burn a Tails DVD (<span class="next-counter"></span>)</div>|mac/dvd]]</div>
        <div class="upgrade-tails">[[<div class="btn btn-primary inline-block">Next: Install an intermediary Tails (<span class="next-counter"></span>)</div>|upgrade/tails]]</div>
        <div class="dvd">[[<div class="btn btn-primary inline-block">Next: Burning Tails on a DVD</div>|dvd]]</div>
        <div class="vm">[[<div class="btn btn-primary inline-block">Next: Virtualization</div>|doc/advanced_topics/virtualization]]</div>
282
        <ul class="download-only-img">
sajolida's avatar
sajolida committed
283 284 285 286 287
          <li>[[Install from Windows|install/win/usb]]</li>
          <li>[[Install from Debian, Ubuntu, or Mint|install/debian/usb]]</li>
          <li>[[Install from other Linux distributions|install/linux/usb]]</li>
          <li>[[Install from macOS by burning a DVD first|install/mac/dvd]]</li>
          <li>[[Install from macOS and the command line|install/mac/usb]]</li>
288 289 290
          <li>[[Upgrade inside Tails|upgrade/tails]]</li>
        </ul>
        <ul class="download-only-iso">
sajolida's avatar
sajolida committed
291 292
          <li>[[Burn on a DVD|dvd]]</li>
          <li>[[Run in a virtual machine|doc/advanced_topics/virtualization]]</li>
293
        </ul>
294
      </div>
295
    </div>
296
  </div> <!-- BitTorrent download -->
297

298
</div>
299

300 301 302
<div id="openpgp">

<h2>Verify using OpenPGP (optional)</h2>
303

304
<p>If you know OpenPGP, you can also verify your download using an
cbrownstein's avatar
cbrownstein committed
305
OpenPGP signature instead of, or in addition to, our browser extension or
306
BitTorrent.</p>
307

sajolida's avatar
sajolida committed
308 309
<ol>
  <li>
310
   <p>Download the [[Tails signing key|tails-signing.key]].</p>
sajolida's avatar
sajolida committed
311
  </li>
312

sajolida's avatar
sajolida committed
313
  <li>
314 315 316
   <p>Download the
   <a class="debian windows linux mac-usb upgrade-tails" href='[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]'>OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
   <a class="mac-dvd dvd vm" href='[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]'>OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
317
   and save it to the same folder where
318
   you saved the image.</p>
sajolida's avatar
sajolida committed
319
  </li>
320
</ol>
321

322
<h3>Basic OpenPGP verification</h3>
323

324
[[!toggle id="basic-openpgp" text="See instructions for basic OpenPGP verification."]]
325

326 327
[[!toggleable id="basic-openpgp" text="""
<span class="hide">[[!toggle id="basic-openpgp" text=""]]</span>
328

sajolida's avatar
sajolida committed
329
<p>This section provides simplified instructions:</p>
330

sajolida's avatar
sajolida committed
331 332 333 334 335 336
<ul>
  <li><a href="#windows">In Windows with <span class="application">Gpg4win</span></a></li>
  <li><a href="#mac">In macOS with <span class="application">GPGTools</span></a></li>
  <li><a href="#tails">In Tails</a></li>
  <li><a href="#command-line">Using the command line</a></li>
</ul>
337 338 339

<a id="windows"></a>

sajolida's avatar
sajolida committed
340
<h3>In Windows with <span class="application">Gpg4win</span></h3>
341

sajolida's avatar
sajolida committed
342 343
<p>See the [[<span class="application">Gpg4win</span> documentation on
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
344

345
<p>Verify that the date of the signature is at most five days earlier than
346
the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
347

sajolida's avatar
sajolida committed
348
<p>If the following warning appears:</p>
349 350 351 352 353 354 355

<pre>
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>

356
<p>Then the image is still correct according to the signing key that you
357
downloaded. To remove this warning you need to <a href="#wot">authenticate the
sajolida's avatar
sajolida committed
358
signing key through the OpenPGP Web of Trust</a>.</p>
359 360 361

<a id="mac"></a>

sajolida's avatar
sajolida committed
362
<h3>In macOS using <span class="application">GPGTools</span></h3>
363

sajolida's avatar
sajolida committed
364 365 366
<ol>
  <li>
   Open <span class="application">Finder</span> and navigate to the
367
   folder where you saved the image and the signature.
sajolida's avatar
sajolida committed
368
  </li>
369

sajolida's avatar
sajolida committed
370
  <li>
371
   Right-click on the image and choose
372 373 374
   <span class="guimenuchoice">
     <span class="guisubmenu">Services</span>
     <span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.
sajolida's avatar
sajolida committed
375 376
  </li>
</ol>
377 378 379

<a id="tails"></a>

sajolida's avatar
sajolida committed
380
<h3>In Tails</h3>
381

sajolida's avatar
sajolida committed
382 383 384
<ol>
  <li>
   Open the file browser and navigate to the folder where you saved the
385
   image and the signature.
sajolida's avatar
sajolida committed
386
  </li>
387

sajolida's avatar
sajolida committed
388 389
  <li>
   Right-click on the signature and choose <span class="guimenuitem">Open With
390
   Verify Signature</span>.
sajolida's avatar
sajolida committed
391
  </li>
392

sajolida's avatar
sajolida committed
393
  <li>
394
   The verification of the image starts automatically:
395

sajolida's avatar
sajolida committed
396 397
   <p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
  </li>
398

sajolida's avatar
sajolida committed
399
  <li>
400 401
   After the verification finishes, you should see a notification that the
   signature is good:
402

403 404
   <p class="debian windows linux mac-usb upgrade-tails">[[!img install/inc/screenshots/verifying_in_tails_img_notification.png link="no"]]</p>
   <p class="mac-dvd dvd vm">[[!img install/inc/screenshots/verifying_in_tails_iso_notification.png link="no"]]</p>
405

406
   <p>Verify that the date of the signature is at most five days earlier
407
   than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
sajolida's avatar
sajolida committed
408 409
  </li>
</ol>
410 411 412

<a id="command-line"></a>

sajolida's avatar
sajolida committed
413
<h3>Using the command line</h3>
414

sajolida's avatar
sajolida committed
415 416 417
<ol>

  <li>
418
   Open a terminal and navigate to the folder where you saved the
419
   image and the signature.
sajolida's avatar
sajolida committed
420
  </li>
421

sajolida's avatar
sajolida committed
422 423
  <li>
   <p>Execute:</p>
424

425 426
   <p class="debian windows linux mac-usb upgrade-tails pre">[[!inline pages="inc/stable_amd64_img_gpg_verify" raw="yes" sort="age"]]</p>
   <p class="mac-dvd dvd vm pre">[[!inline pages="inc/stable_amd64_iso_gpg_verify" raw="yes" sort="age"]]</p>
427

sajolida's avatar
sajolida committed
428
   <p>The output of this command should be the following:</p>
429

430 431
   <p class="debian windows linux mac-usb upgrade-tails pre">[[!inline pages="inc/stable_amd64_img_gpg_signature_output" raw="yes" sort="age"]]</p>
   <p class="mac-dvd dvd vm pre">[[!inline pages="inc/stable_amd64_iso_gpg_signature_output" raw="yes" sort="age"]]</p>
432

433
   <p>Verify that the date of the signature is at most five days
434
   earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
435

sajolida's avatar
sajolida committed
436
   <p>If the output also includes:</p>
437

sajolida's avatar
sajolida committed
438 439 440 441
   <p class="pre">
   gpg: WARNING: This key is not certified with a trusted signature!<br/>
   gpg:          There is no indication that the signature belongs to the owner.<br/>
   </p>
442

443
   <p>Then the image is still correct according to the signing key that you
444
   downloaded. To remove this warning you need to <a href="#wot">authenticate
sajolida's avatar
sajolida committed
445 446
   the signing key through the OpenPGP Web of Trust</a>.</p>
  </li>
447

sajolida's avatar
sajolida committed
448 449
</ol>

450 451
"""]]

452 453
<a id="wot"></a>

454
<h3>Authenticate the signing key through the OpenPGP Web of Trust</h3>
455

456
<p>Authenticating our signing key through the OpenPGP Web of Trust is
cbrownstein's avatar
cbrownstein committed
457
the only way that you can be protected in case our website is
458 459
compromised or if you are a victim of a [[man-in-the-middle attack|doc/about/warning#man-in-the-middle]].
However, it is complicated to do and it might not be
cbrownstein's avatar
cbrownstein committed
460 461
possible for everyone because it relies on trust relationships between
individuals.</p>
462 463 464 465 466 467

[[!toggle id="web-of-trust" text="Read more about authenticating the Tails signing key through the OpenPGP Web of Trust."]]

[[!toggleable id="web-of-trust" text="""
<span class="hide">[[!toggle id="web-of-trust" text=""]]</span>

cbrownstein's avatar
cbrownstein committed
468
<p>The verification techniques that we present (browser extension,
469
BitTorrent, or OpenPGP verification) all rely on some
sajolida's avatar
sajolida committed
470
information being securely downloaded using HTTPS from our website:</p>
471

sajolida's avatar
sajolida committed
472 473 474
<ul>
  <li>The <em>checksum</em> for the Firefox extension</li>
  <li>The <em>Torrent file</em> for BitTorrent</li>
cbrownstein's avatar
cbrownstein committed
475
  <li>The <em>Tails signing key</em> for OpenPGP verification</li>
sajolida's avatar
sajolida committed
476
</ul>
477

cbrownstein's avatar
cbrownstein committed
478
<p>It is possible that you could download malicious information if our
479 480
website is compromised or if you are a victim of a man-in-the-middle
attack.</p>
481

sajolida's avatar
Shorten  
sajolida committed
482
<p>OpenPGP verification is the only technique that protects you if
cbrownstein's avatar
cbrownstein committed
483
our website is compromised or if you are a victim of a man-in-the-middle
484
attack. But, for that you need to authenticate the Tails signing key
cbrownstein's avatar
cbrownstein committed
485
through the OpenPGP Web of Trust.</p>
486 487 488

<div class="note">

489
<p>If you are verifying an image from inside Tails, for
cbrownstein's avatar
cbrownstein committed
490 491
example, to do a manual upgrade, then you already have the Tails signing key.
You can trust this signing key as much as you already trust your
sajolida's avatar
sajolida committed
492 493
Tails installation since this signing key is included in your Tails
installation.</p>
494 495 496

</div>

cbrownstein's avatar
cbrownstein committed
497
<p>One of the inherent problems of standard HTTPS is that the trust put
498 499 500
in a website is defined by certificate authorities: a hierarchical and closed
set of companies and governmental institutions approved by your web browser vendor.
This model of trust has long been criticized and proved several times to be
sajolida's avatar
sajolida committed
501
vulnerable to attacks [[as explained on our warning page|doc/about/warning#man-in-the-middle]].</p>
502

sajolida's avatar
sajolida committed
503
<p>We believe that, instead, users should be given the final say when trusting a
504
website, and that designation of trust should be done on the basis of human
sajolida's avatar
sajolida committed
505
interactions.</p>
506

sajolida's avatar
sajolida committed
507
<p>The OpenPGP [[!wikipedia Web_of_Trust]] is a
cbrownstein's avatar
cbrownstein committed
508
decentralized trust model based on OpenPGP keys that can help with solving
sajolida's avatar
sajolida committed
509
this problem. Let's see this with an example:</p>
510

sajolida's avatar
sajolida committed
511 512
<ol>
  <li>
cbrownstein's avatar
cbrownstein committed
513 514
   <em>You are friends with Alice and you really trust her way of making sure
   that OpenPGP keys actually belong to their owners.</em>
sajolida's avatar
sajolida committed
515
  </li>
516

sajolida's avatar
sajolida committed
517
  <li>
cbrownstein's avatar
cbrownstein committed
518
   <em>Alice met Bob, a Tails developer, in a conference and certified
519
   Bob's key as actually belonging to Bob.</em>
sajolida's avatar
sajolida committed
520
  </li>
521

sajolida's avatar
sajolida committed
522
  <li>
cbrownstein's avatar
cbrownstein committed
523
    <em>Bob is a Tails developer who directly owns the Tails signing key. So,
524
    Bob has certified the Tails signing key as actually belonging to Tails.</em>
sajolida's avatar
sajolida committed
525 526
  </li>
</ol>
527

sajolida's avatar
sajolida committed
528
<p>In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key
sajolida's avatar
sajolida committed
529
without the need to rely on certificate authorities.</p>
530 531 532 533 534 535 536 537 538 539 540 541 542

<div class="tip">

<p>If you are on Debian, Ubuntu, or Linux Mint, you can install the
<code>debian-keyring</code> package which contains the OpenPGP keys of
all Debian developers. Some Debian developers have certified the Tails
signing key and you can use these certifications to build a trust path.
This technique is explained in detail in our instructions on
[[installing Tails from Debian, Ubuntu, or Linux Mint using the command
line|install/expert/usb]].</p>

</div>

sajolida's avatar
sajolida committed
543 544
<p>Relying on the Web of Trust requires both caution and intelligent supervision
by the users. The technical details are outside of the scope of this document.</p>
545

cbrownstein's avatar
cbrownstein committed
546 547
<p>Since the Web of Trust is based on actual human relationships and
real-life interactions, it is best to get in touch with people
548
knowledgeable about OpenPGP and build trust relationships in order to
sajolida's avatar
sajolida committed
549
find your own trust path to the Tails signing key.</p>
550

sajolida's avatar
sajolida committed
551
<p>For example, you can start by contacting a local [[!wikipedia Linux_User_Group]],
552
[[an organization offering Tails training|support/learn]], or other Tails
sajolida's avatar
sajolida committed
553
enthusiasts near you and exchange about their OpenPGP practices.</p>
554 555 556

<div class="tip">

cbrownstein's avatar
cbrownstein committed
557
<p>After you build a trust path, you can certify the Tails signing key by
558 559 560 561 562
signing it with your own key to get rid of some warnings during the
verification process.</p>

</div>

563
"""]]
564 565

</div>