Have Tails Installer verify the ISO image using OpenPGP
Team: u, kurono, kytv, sajolida
As of today, users who download a Tails ISO image are required to
verify the authenticity of this image.
By verifying the SHA hashsum of the ISO
This basically ensures that the correct ISO has been downloaded.
- Using the Firefox extension
See https://tails.boum.org/blueprint/bootstrapping/verification. Once we get the Verification Extension (#7552 (closed)), users will have automatic verification of their download using a checksum (and possibly something a bit stronger once we get #8191 (closed)).
This method however does not provide proof of authenticity of the image.
By verifying the cryptographic signature of the ISO image
Every Tails release is cryptographically signed with the Tails signing
That means that, along with the ISO, we also provide an OpenPGP signature which
can and should be used to verify the authenticity of the image.
This step is essential, but very hard for users, as it not only requires
that users have a basic understanding of how OpenPGP works, but also that they
install OpenPGP software which handles keys and takes care of the
Furthermore, it implies that users manually download the signature for
Tails release. In our download statistics, it’s clear that the signature is
downloaded significantly less often than the ISO (about xxx% of people who
download the ISO also download its cryptographic signature). We have no
statistics about how many of those users actually do the verification.
It also requires downloading the public Tails signing key once,
fingerprint and trusting it, for example by signing it locally.
Make Tails installer the main easy tool to install and verify Tails ISOs
Tails Installer itself could automate some kind of OpenPGP verification as well, at least TrustOnFirstUse and on top of that:
- Rely on the Debian keyring
- Allow people knowledgeable about OpenPGP to do their own verification
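
One way the trust-on-first-use step could work, as an added example that is not Tails Installer's code: it reads GnuPG's `--status-fd` output for a detached signature, extracts the signer's primary-key fingerprint, pins it on first use and rejects a different key afterwards. The function names, the JSON pin file and the sample fingerprints are assumptions made for this example.

```python
import json
import os
import subprocess

# GnuPG status keywords that mean the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def gpg_status(sig_path, iso_path):
    """Verify a detached signature and return GnuPG's machine-readable status lines."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig_path, iso_path],
                          capture_output=True, text=True)
    return proc.stdout

def signer_fingerprint(status):
    """Return the signer's primary-key fingerprint, or None if the signature is not valid."""
    fpr = None
    for line in status.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return None
        if parts[1] == "VALIDSIG" and len(parts) >= 3:
            # The last VALIDSIG field is the primary key; the first is the signing (sub)key.
            fpr = (parts[11] if len(parts) >= 12 else parts[2]).upper()
    return fpr

def check_tofu(fpr, pin_path):
    """Pin the key on first use; afterwards accept only the pinned key."""
    if fpr is None:
        return "rejected"
    if not os.path.exists(pin_path):
        with open(pin_path, "w") as fh:
            json.dump({"fingerprint": fpr}, fh)
        return "pinned"
    with open(pin_path) as fh:
        pinned = json.load(fh)["fingerprint"]
    return "match" if pinned == fpr else "mismatch"

# Constructed sample status output; the fingerprints are made up, not the Tails key.
FPR_A = "0123456789ABCDEF0123456789ABCDEF01234567"
FPR_B = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"

def _valid(fpr):
    return f"[GNUPG:] VALIDSIG {fpr} 2015-01-01 1420070400 0 4 0 1 8 00 {fpr}\n"

GOOD = "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer\n" + _valid(FPR_A)
OTHER = "[GNUPG:] GOODSIG 76543210FEDCBA98 Other Signer\n" + _valid(FPR_B)
BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer\n"
```

A "mismatch" result is the case trust on first use exists to catch: the image is validly signed, but not by the key seen on the first run.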
We are in the process of making Tails installer available in Debian and
Linux distributions and plan on porting it to other operating systems. Along
with the Firefox extension, it could automate as much as possible the process
of verifying the ISO, by extending the extension through the verification of
the cryptographic signature.
- Related to #7544 (closed)