[[!meta title="Download, verify and install"]] Tails is [[Free Software|doc/about/license]], you can download it, use it and share it without restriction.
Then, check first the [[about]] and [[warning|doc/about/warning]] pages to make sure that Tails is the right tool for you and that you understand well its limitations.
You will download Tails in the form of an [[!wikipedia ISO_image desc="ISO image"]]: a single file that you will later burn on a CD or installed onto a USB stick.
If you're not sure what the cryptographic signature is, please go on and read the part on [[verifying the ISO image|download#index3h1]].
If you're running a web server, you're most welcome to help us spread Tails by [[setting up a web mirror|contribute/how/mirror]].
Seeding back the image once you downloaded it is also a nice and easy way of helping spread Tails.
It is important to check the [[!wikipedia Data_integrity desc="integrity"]] of the ISO image you downloaded to make sure that the download went well.
Warning: the following techniques don't provide you with a strong way of checking the ISO image [[!wikipedia Authentication desc="authenticity"]] and making sure you downloaded a genuine Tails.
Those techniques rely on standard HTTPS and [[!wikipedia Certificate_authority desc="certificate authorities"]] to make you trust the content of this website. But, [[as explained on our warning page|doc/about/warning#index3h1]], you could still be victim of a man-in-the-middle attack while using HTTPS. On this website as much as on any other of the Internet.
It is anyway a good thing to check the ISO image integrity first. We will propose you after that some more advanced techniques to check the authenticity of the ISO image.
All Tails ISO image are cryptographically signed by our OpenPGP key. OpenPGP is a standard for data encryption that provides cryptographic privacy and authentication through the use of keys owned by its users. Checking this signature is the recommended way of checking the ISO image integrity.
Do you want to check the ISO image integrity:
You need to have the
installed. If you're not sure or want to install it, under Debian,
Ubuntu or Tails you can issue the following commands:
sudo apt-get update sudo apt-get install seahorse-plugins
First, download Tails signing key:[[!inline pages="lib/download_tails_signing_key" raw="yes"]]
Your browser should propose you to open it with "Import Key". Choose this action. It will add Tails signing key to your keyring, the collection of OpenPGP keys you already imported:
[[!img download/import_key.png alt="What should Iceweasel do with this file? Open with: Import Key (default)" link="no"]]
You will get notified will the following message:
[[!img download/key_imported.png alt="Key Imported. Imported a key for Tails developers (signing key) <email@example.com>" link="no"]]
Now, download the cryptographic signature corresponding to the ISO image you want to verify:[[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
Your browser should propose you to open it with "Verify Signature". Choose this action to start the cryptographic verification:
[[!img download/verify_signature.png alt="What should Iceweasel do with this file? Open with: Verify Signature (default)" link="no"]]
Browse your files to select the Tails ISO image you want to verify. Then, the verification will start. It can take several minutes:
[[!img download/verifying.png alt="Verifying" link="no"]]
If the ISO image is correct you will get a notification telling you that the signature is good:
[[!img download/good_signature.png alt="Goog Signature" link="no"]]
If the ISO image is not correct you will get a notification telling you that the signature is bad:
[[!img download/bad_signature.png alt="Bad Signature: Bad or forged signature." link="no"]]"""]] [[!toggleable id="verify_the_iso_image_using_the_command_line" text=""" [[!toggle id="verify_the_iso_image_using_the_command_line" text="Hide"]]
You need to have GnuPG installed. GnuPG is the common OpenPGP implementation for Linux: it is installed by default under Debian, Ubuntu, Tails and many other distributions.
First, download Tails signing key:[[!inline pages="lib/download_tails_signing_key" raw="yes"]]
Open a terminal and import Tails signing key with the following commands:
cd [the directory in which you downloaded the key] cat tails-signing.key | gpg --import
The output should tell you that the key was imported:
gpg: key BE2CD9C1: public key "Tails developers (signing key) <firstname.lastname@example.org>" imported gpg: Total number processed: 2 gpg: imported: 2 (RSA: 2)
If you had already imported Tails signing key in the past, the output should tell you that the key was not changed:
gpg: key BE2CD9C1: "Tails developers (signing key) <email@example.com>" not changed gpg: Total number processed: 2 gpg: unchanged: 2
Now, download the cryptographic signature corresponding to the ISO image you want to verify and save it in the same folder as the ISO image:[[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
Then start the cryptographic verification, it can take several minutes:
cd [the ISO image directory] gpg --verify tails-i386-0.8.1.iso.pgp tails-i386-0.8.1.iso
If the ISO image is correct the output will tell you that the signature is good:
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST gpg: using RSA key 1202821CBE2CD9C1 gpg: Good signature from "Tails developers (signing key) <firstname.lastname@example.org>"
This might be followed by a warning saying:
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0D24 B36A A9A2 A651 7878 7645 1202 821C BE2C D9C1
This doesn't alter the validity of the signature according to the key you downloaded. This warning rather has to do with the trust that you put in Tails signing key. See, [[Trusting Tails signing key|doc/trusting_tails_signing_key]]. To remove this warning you would have to personnally [[!wikipedia Keysigning desc="sign"]] Tails signing key with your own key.
If the ISO image is not correct the output will tell you that the signature is bad:
gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST gpg: using RSA key 1202821CBE2CD9C1 gpg: BAD signature from "Tails developers (signing key) <email@example.com>""""]] [[!toggleable id="verify_the_iso_image_using_other_operating_systems" text=""" [[!toggle id="verify_the_iso_image_using_other_operating_systems" text="Hide"]]
This technique is not using the cryptographic signature as the others do. We propose it because it's especially easy for Windows users.
Install the CheckIt extension for Firefox available here and restart Firefox.
Here is the checksum (a kind of digital fingerprint) of the ISO image. Select it with your cursor:
[[!inline pages="inc/stable_i386_hash" raw="yes"]]
Right-click on it and choose "Selected hash (SHA256)" from the contextual menu:
[[!img download/selected_hash.png alt="Selected hash (SHA256)" link="no"]]
From the dialog box that shows up, open the ISO image. Then wait for the checksum to compute. This will take several seconds during which your browser will be unresponsive.
If the ISO image is correct you will get a notification saying that the checksums match:
[[!img download/checksums_match.png alt="CheckIt: SHA256 checksums match!" link="no"]]
If the ISO image is not correct you will get a notification telling you that the checksums do not match:
[[!img download/checksums_do_not_match.png alt="SHA256 checksums do not match!" link="no"]]
GnuPG, a common free software implementation of OpenPGP has versions and graphical frontends for both Windows and Mac OS X. This also make it possible to check the cryptographic signature with those operating systems:
You will find on either of those websites detailed documentation on how to install and use them.
After installing Gpg4win, download Tails signing key:[[!inline pages="lib/download_tails_signing_key" raw="yes"]]
[[Consult the Gpg4win documentation to import it|http://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]]
Then, download the cryptographic signature corresponding to the ISO image you want to verify:[[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
[[Consult the Gpg4win documentation to check the signature|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]]
After installing GPGTools, you should be able to follow the instruction for Linux with the command line. To open the command line, navigate to your Applications folder, open Utilities, and double click on Terminal."""]]
But the Tails signing key that you downloaded from this website could be a fake one if you were victim of a [[man-in-the-middle attack|doc/about/warning#index3h1]].
Finding a way of trusting better Tails signing key would allow you to authenticate better the ISO image you downloaded. The following page will give you hints on how to increase the trust you can put in the Tails signing key you downloaded:
Every ISO image we ship can be either burn on a CD or installed onto a USB stick.
For detailed instructions on how to burn an ISO image under Linux, Windows or Mac OS X you can consult the corresponding Ubuntu documentation: just replace the Ubuntu ISO image by the Tails ISO image you downloaded and ignore the part on verifying the data integrity since you've already done that.
The content of the USB stick will be lost in the operation.
FIXME: mention Intel-based Mac users sometimes need to upgrade their firmware to get the keyboard working in the syslinux boot menu.
It's very important to keep your Tails version up-to-date, otherwise your system will be vulnerable to numerous security holes. The development team is doing its best to release new versions fixing known security holes on a regular basis.
New versions are announced on:
Refer to our [[security announcements|/security]] feed for more detailed information about the security holes affecting Tails. Furthermore you will be automatically notified of the security holes affecting the version you are using at the startup of a new Tails session.
Since Tails is based on Debian, it takes advantages of the all of the work done by the Debian security team. As quoted from (http://security.debian.org/):
Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs.
Experience has shown that "security through obscurity" does not work. Public disclosure allows for more rapid and better solutions to security problems. In that vein, this page addresses Debian's status with respect to various known security holes, which could potentially affect Debian.
Now that you have a Tails CD or USB stick you can shutdown your computer and start using Tails without altering your existing operating system.
If you're using a CD: Put the Tails CD into the CD/DVD-drive and restart the computer. You should see a welcome screen prompting you to choose your language.
If you're using a USB stick: Shutdown the computer, plug in your USB stick and start the computer. You should see a welcome screen prompting you to choose your language.
If your computer does not automatically do so, you might need to edit the BIOS settings. Restart your computer, and watch for a message telling you which key to press to enter the BIOS setup. It will usually be one of F1, F2, DEL, ESC or F10. Press this key while your computer is booting to edit your BIOS settings. You need to edit the Boot Order. Depending on your computer you should see an entry for 'removable drive' or 'USB media'. Move this to the top of the list to force the computer to attempt to boot from USB before booting from the hard disk. Save your changes and continue.
For more detailed instruction on how to boot from USB you can read About.com: How To Boot your Computer from a Bootable USB Device
If you have problems accessing the BIOS, try to read pendrivelinux.com: How to Access BIOS