Commit 210f5528 authored by sajolida's avatar sajolida
Browse files

Merge branch 'doc/16175-unclear-openpgp-verification'

parents a3dc81fc 2dc4594d
...@@ -153,7 +153,7 @@ the image. To take such a screenshot: ...@@ -153,7 +153,7 @@ the image. To take such a screenshot:
We also most of the time resize the screenshots to 66%, either when they are We also most of the time resize the screenshots to 66%, either when they are
too big or when they can be confused for the actual application (see too big or when they can be confused for the actual application (see
[[!tails_ticket 11527]]). Use the *Sinc (Lanczos3)* interpolation in *GIMP*. [[!tails_ticket 11527]]). Use the *NoHalo* interpolation in *GIMP*.
We always compress screenshots using [[compress-image|documentation#image-compress]]. We always compress screenshots using [[compress-image|documentation#image-compress]].
......
...@@ -302,19 +302,11 @@ ...@@ -302,19 +302,11 @@
OpenPGP signature instead of, or in addition to, our browser extension or OpenPGP signature instead of, or in addition to, our browser extension or
BitTorrent.</p> BitTorrent.</p>
<ol> <p>Download the
<li> <a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<p>Download and import the [[Tails signing key|tails-signing.key]].</p> <a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
</li> and save it to the same folder where
you saved the image.</p>
<li>
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
</ol>
<h3>Basic OpenPGP verification</h3> <h3>Basic OpenPGP verification</h3>
...@@ -336,23 +328,45 @@ BitTorrent.</p> ...@@ -336,23 +328,45 @@ BitTorrent.</p>
<h3>In Windows with <span class="application">Gpg4win</span></h3> <h3>In Windows with <span class="application">Gpg4win</span></h3>
<p>See the [[<span class="application">Gpg4win</span> documentation on <ol>
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p> <li>
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
<p>Verify that the date of the signature is at most five days earlier than <li>
the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p> <p>Download the [[Tails signing key|tails-signing.key]] and import it into
<span class="application">Gpg4win</span>.</p>
<p>If the following warning appears:</p> <p>See the [[<span class="application">Gpg4win</span> documentation on
importing keys|https://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]].</p>
</li>
<li>
<p>Verify the signature of the image that you downloaded.</p>
<p>See the [[<span class="application">Gpg4win</span> documentation on
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
<p>Verify that the date of the signature is at most five days earlier than
the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
<pre> <p>If the following warning appears:</p>
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>
<p>Then the image is still correct according to the signing key that you <pre>
downloaded. To remove this warning you need to <a href="#wot">authenticate the Not enough information to check the signature validity.
signing key through the OpenPGP Web of Trust</a>.</p> Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>
<p>Then the image is still correct according to the signing key that you
downloaded. To remove this warning you need to <a href="#wot">authenticate the
signing key through the OpenPGP Web of Trust</a>.</p>
</li>
</ol>
<a id="mac"></a> <a id="mac"></a>
...@@ -360,15 +374,29 @@ signing key through the OpenPGP Web of Trust</a>.</p> ...@@ -360,15 +374,29 @@ signing key through the OpenPGP Web of Trust</a>.</p>
<ol> <ol>
<li> <li>
Open <span class="application">Finder</span> and navigate to the <p>Download the
folder where you saved the image and the signature. <a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
<li>
<p>Download the [[Tails signing key|tails-signing.key]] and import it into
<span class="application">GPGTools</span>.</p>
<p>See the [[<span class="application">GPGTools</span> documentation on
importing keys|https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-find-public-keys-of-your-friends-and-import-them#import-key-file]].</p>
</li>
<li>
<p>Open <span class="application">Finder</span> and navigate to the
folder where you saved the image and the signature.</p>
</li> </li>
<li> <li>
Control-click on the image and choose <p>Control-click on the image and choose
<span class="guimenuchoice"> <span class="guimenuchoice">
<span class="guisubmenu">Services</span> <span class="guisubmenu">Services</span>
<span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>. <span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.</p>
</li> </li>
</ol> </ol>
...@@ -376,32 +404,51 @@ signing key through the OpenPGP Web of Trust</a>.</p> ...@@ -376,32 +404,51 @@ signing key through the OpenPGP Web of Trust</a>.</p>
<h3>In Tails</h3> <h3>In Tails</h3>
<p>Tails comes with the Tails signing key already imported.</p>
<ol> <ol>
<li> <li>
Open the file browser and navigate to the folder where you saved the <p>Download the
image and the signature. <a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li> </li>
<li> <li>
Right-click (on Mac, click with two fingers) on the signature and choose <span class="guimenuitem">Open With <p>Open the file browser and navigate to the folder where you saved the
Verify Signature</span>. image and the signature.</p>
</li> </li>
<li> <li>
The verification of the image starts automatically: <p>Right-click (on Mac, click with two fingers) on the signature and choose <span class="guimenuitem">Open With
Verify Signature</span>.</p>
</li>
<li>
<p>The verification of the image starts automatically:</p>
<p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p> <p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
</li> </li>
<li> <li>
After the verification finishes, you should see a notification that the <p>After the verification finishes, you should see a notification that the
signature is good: signature is good:</p>
<p class="windows linux mac upgrade-tails download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_notification.png link="no"]]</p> <p class="windows linux mac upgrade-tails download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_good.png link="no"]]</p>
<p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_notification.png link="no"]]</p> <p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_good.png link="no"]]</p>
<p>Verify that the date of the signature is at most five days earlier <p>Verify that the date of the signature is at most five days earlier
than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p> than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
<p>If instead, you see a notification that the signature is valid but untrusted:</p>
<p class="windows linux mac upgrade-tails download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_untrusted.png link="no"]]</p>
<p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_untrusted.png link="no"]]</p>
<p>Then the image is still correct according to the signing key that you
downloaded. To remove this warning you need to <a href="#wot">authenticate
the signing key through the OpenPGP Web of Trust</a>.</p>
</li> </li>
</ol> </ol>
...@@ -409,11 +456,31 @@ signing key through the OpenPGP Web of Trust</a>.</p> ...@@ -409,11 +456,31 @@ signing key through the OpenPGP Web of Trust</a>.</p>
<h3>Using the command line</h3> <h3>Using the command line</h3>
<ol> <ol>
<li>
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
<li> <li>
Open a terminal and navigate to the folder where you saved the <p>Download the [[Tails signing key|tails-signing.key]] and import it into
image and the signature. <span class="application">GnuPGP</span>.</p>
<p>To import the Tails signing key into
<span class="application">GnuPGP</span>, open a terminal and navigate to
the folder where you saved the Tails signing key.</p>
<p>Execute:</p>
<p class="pre">gpg --import tails-signing.key</p>
</li>
<li>
<p>In a terminal, navigate to the folder where you saved the
image and the signature.</p>
</li> </li>
<li> <li>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment