Commit 210f5528 authored by sajolida's avatar sajolida
Browse files

Merge branch 'doc/16175-unclear-openpgp-verification'

parents a3dc81fc 2dc4594d
......@@ -153,7 +153,7 @@ the image. To take such a screenshot:
We also most of the time resize the screenshots to 66%, either when they are
too big or when they can be confused for the actual application (see
[[!tails_ticket 11527]]). Use the *Sinc (Lanczos3)* interpolation in *GIMP*.
[[!tails_ticket 11527]]). Use the *NoHalo* interpolation in *GIMP*.
We always compress screenshots using [[compress-image|documentation#image-compress]].
......
......@@ -302,19 +302,11 @@
OpenPGP signature instead of, or in addition to, our browser extension or
BitTorrent.</p>
<ol>
<li>
<p>Download and import the [[Tails signing key|tails-signing.key]].</p>
</li>
<li>
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
</ol>
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
<h3>Basic OpenPGP verification</h3>
......@@ -336,23 +328,45 @@ BitTorrent.</p>
<h3>In Windows with <span class="application">Gpg4win</span></h3>
<p>See the [[<span class="application">Gpg4win</span> documentation on
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
<ol>
<li>
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
<p>Verify that the date of the signature is at most five days earlier than
the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
<li>
<p>Download the [[Tails signing key|tails-signing.key]] and import it into
<span class="application">Gpg4win</span>.</p>
<p>If the following warning appears:</p>
<p>See the [[<span class="application">Gpg4win</span> documentation on
importing keys|https://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]].</p>
</li>
<pre>
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>
<li>
<p>Verify the signature of the image that you downloaded.</p>
<p>Then the image is still correct according to the signing key that you
downloaded. To remove this warning you need to <a href="#wot">authenticate the
signing key through the OpenPGP Web of Trust</a>.</p>
<p>See the [[<span class="application">Gpg4win</span> documentation on
verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].</p>
<p>Verify that the date of the signature is at most five days earlier than
the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
<p>If the following warning appears:</p>
<pre>
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
</pre>
<p>Then the image is still correct according to the signing key that you
downloaded. To remove this warning you need to <a href="#wot">authenticate the
signing key through the OpenPGP Web of Trust</a>.</p>
</li>
</ol>
<a id="mac"></a>
......@@ -360,15 +374,29 @@ signing key through the OpenPGP Web of Trust</a>.</p>
<ol>
<li>
Open <span class="application">Finder</span> and navigate to the
folder where you saved the image and the signature.
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
<li>
Control-click on the image and choose
<p>Download the [[Tails signing key|tails-signing.key]] and import it into
<span class="application">GPGTools</span>.</p>
<p>See the [[<span class="application">GPGTools</span> documentation on
importing keys|https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-find-public-keys-of-your-friends-and-import-them#import-key-file]].</p>
</li>
<li>
<p>Open <span class="application">Finder</span> and navigate to the
folder where you saved the image and the signature.</p>
</li>
<li>
<p>Control-click on the image and choose
<span class="guimenuchoice">
<span class="guisubmenu">Services</span>
<span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.
<span class="guimenuitem">OpenPGP: Verify Signature of File</span></span>.</p>
</li>
</ol>
......@@ -376,32 +404,51 @@ signing key through the OpenPGP Web of Trust</a>.</p>
<h3>In Tails</h3>
<p>Tails comes with the Tails signing key already imported.</p>
<ol>
<li>
Open the file browser and navigate to the folder where you saved the
image and the signature.
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
<li>
<p>Open the file browser and navigate to the folder where you saved the
image and the signature.</p>
</li>
<li>
Right-click (on Mac, click with two fingers) on the signature and choose <span class="guimenuitem">Open With
Verify Signature</span>.
<p>Right-click (on Mac, click with two fingers) on the signature and choose <span class="guimenuitem">Open With
Verify Signature</span>.</p>
</li>
<li>
The verification of the image starts automatically:
<p>The verification of the image starts automatically:</p>
<p>[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]</p>
</li>
<li>
After the verification finishes, you should see a notification that the
signature is good:
<p>After the verification finishes, you should see a notification that the
signature is good:</p>
<p class="windows linux mac upgrade-tails download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_notification.png link="no"]]</p>
<p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_notification.png link="no"]]</p>
<p class="windows linux mac upgrade-tails download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_good.png link="no"]]</p>
<p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_good.png link="no"]]</p>
<p>Verify that the date of the signature is at most five days earlier
than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].</p>
<p>If instead, you see a notification that the signature is valid but untrusted:</p>
<p class="windows linux mac upgrade-tails download-only-img">[[!img install/inc/screenshots/verifying_in_tails_img_untrusted.png link="no"]]</p>
<p class="dvd vm download-only-iso">[[!img install/inc/screenshots/verifying_in_tails_iso_untrusted.png link="no"]]</p>
<p>Then the image is still correct according to the signing key that you
downloaded. To remove this warning you need to <a href="#wot">authenticate
the signing key through the OpenPGP Web of Trust</a>.</p>
</li>
</ol>
......@@ -409,11 +456,31 @@ signing key through the OpenPGP Web of Trust</a>.</p>
<h3>Using the command line</h3>
<ol>
<li>
<p>Download the
<a class="windows linux mac upgrade-tails download-only-img" href="[[!inline pages="inc/stable_amd64_img_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image</a>
<a class="dvd vm download-only-iso" href="[[!inline pages="inc/stable_amd64_iso_sig_url" raw="yes" sort="age"]]">OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image</a>
and save it to the same folder where
you saved the image.</p>
</li>
<li>
<p>Download the [[Tails signing key|tails-signing.key]] and import it into
<span class="application">GnuPGP</span>.</p>
<p>To import the Tails signing key into
<span class="application">GnuPGP</span>, open a terminal and navigate to
the folder where you saved the Tails signing key.</p>
<p>Execute:</p>
<p class="pre">gpg --import tails-signing.key</p>
</li>
<li>
Open a terminal and navigate to the folder where you saved the
image and the signature.
<p>In a terminal, navigate to the folder where you saved the
image and the signature.</p>
</li>
<li>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment