While you are downloading, we recommend you read the [[release notes|doc/upgrade/release_notes]] for Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]. They document all the changes in this new version: new features, problems that were solved, and known issues that have already been identified.
or download using BitTorrent BitTorrent
If the download fails, try to download from another mirror. download from another mirror.
For your security, always verify your download.
[[!toggle id="why-verify" text="Why?"]]
With an unverified download, you might:
[[How does the verification work?|contribute/design/verification_extension]]
"""]]Your BitTorrent client will automatically verify your download when it completes.
The verification below is optional for a BitTorrent download.
You have our Tails Verification extension installed.
Since December 2020, you can do the verification directly on the page. You don't need the Tails Verification anymore and can safely remove it.
See our [[statement about the deprecation of the Tails Verification extension|news/verification_extension_deprecation]].
You seem to have JavaScript disabled. To verify your download, you can either:
You seem to be using Internet Explorer. To verify your download, please use a different browser.
Verifying $FILENAME…
[[!img lib/check.png class="icon" link="no" alt=""]]Verification successful!
[[!img lib/cross.png class="icon" link="no" alt=""]]Verification failed!
[[!toggle id="why-failed" text="Why?"]]
Most likely, the verification failed because of an error or interruption during the download.
The verification also fails if you try to verify a different download than the latest version ([[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]).
Less likely, the verification might have failed because of a malicious download from our download mirrors or due to a network attack in your country or local network.
Downloading again is usually enough to fix this problem.
[[How does the verification work?|contribute/design/verification_extension]]
"""]][[!img lib/cross.png class="icon" link="no" alt=""]]Verification failed again!
[[!toggle id="why-failed-again" text="Why?"]]
The verification might have failed again because of:
Trying from a different place or a different computer might solve any of these issues.
"""]]Please try to download again from a different place or a different computer…
[[!img lib/cross.png class="icon" link="no" alt=""]]Error downloading checksum file from our website.
Make sure that your browser is connected to the Internet.
[[!img lib/cross.png class="icon" link="no" alt=""]]Error reading image $FILENAME.
Make sure that $FILENAME is readable by your browser.
[[!img icons/dialog-warning-small.png class="icon" link="no" alt=""]] [[Skip verification!|win/usb]] [[Skip verification!|linux/usb]] [[Skip verification!|mac/usb]] [[Skip verification!|dvd]] [[Skip verification!|doc/advanced_topics/virtualization]] [[Skip verification!|upgrade/tails]] [[Skip verification!|upgrade/win]] [[Skip verification!|upgrade/mac]] [[Skip verification!|upgrade/linux]] [[Skip verification|doc#install]]
Upgrade your Tails USB stick and keep your Persistent Storage:
Install a new USB stick:
If you know OpenPGP, you can also verify your download using an OpenPGP signature instead of, or in addition to, our verification in the browser or BitTorrent.
Download the OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image and save it to the same folder where you saved the image.
This section provides simplified instructions:
Download the OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image and save it to the same folder where you saved the image.
Download the [[Tails signing key|tails-signing.key]] and import it into Gpg4win.
See the [[Gpg4win documentation on importing keys|https://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]].
Verify the signature of the image that you downloaded.
See the [[Gpg4win documentation on verifying signatures|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]].
Verify that the date of the signature is at most five days earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].
If the following warning appears:
Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.
Then the image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.
Download the OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image and save it to the same folder where you saved the image.
Download the [[Tails signing key|tails-signing.key]] and import it into GPGTools.
See the [[GPGTools documentation on importing keys|https://gpgtools.tenderapp.com/kb/gpg-keychain-faq/how-to-find-public-keys-of-your-friends-and-import-them#import-key-file]].
Open Finder and navigate to the folder where you saved the image and the signature.
Control-click on the image and choose .
Tails comes with the Tails signing key already imported.
Download the OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image and save it to the same folder where you saved the image.
Open the file browser and navigate to the folder where you saved the image and the signature.
Right-click (on Mac, click with two fingers) on the signature and choose .
The verification of the image starts automatically:
[[!img install/inc/screenshots/verifying_in_tails.png link="no"]]
After the verification finishes, you should see a notification that the signature is good:
[[!img install/inc/screenshots/verifying_in_tails_img_good.png link="no"]]
[[!img install/inc/screenshots/verifying_in_tails_iso_good.png link="no"]]
Verify that the date of the signature is at most five days earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].
If instead, you see a notification that the signature is valid but untrusted:
[[!img install/inc/screenshots/verifying_in_tails_img_untrusted.png link="no"]]
[[!img install/inc/screenshots/verifying_in_tails_iso_untrusted.png link="no"]]
Then the image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.
Download the OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] USB image OpenPGP signature for the Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]] ISO image and save it to the same folder where you saved the image.
Download the [[Tails signing key|tails-signing.key]] and import it into GnuPGP.
To import the Tails signing key into GnuPGP, open a terminal and navigate to the folder where you saved the Tails signing key.
Execute:
gpg --import tails-signing.key
In a terminal, navigate to the folder where you saved the image and the signature.
Execute:
[[!inline pages="inc/stable_amd64_img_gpg_verify" raw="yes" sort="age"]]
[[!inline pages="inc/stable_amd64_iso_gpg_verify" raw="yes" sort="age"]]
The output of this command should be the following:
[[!inline pages="inc/stable_amd64_img_gpg_signature_output" raw="yes" sort="age"]]
[[!inline pages="inc/stable_amd64_iso_gpg_signature_output" raw="yes" sort="age"]]
Verify that the date of the signature is at most five days earlier than the latest version: [[!inline pages="inc/stable_amd64_date" raw="yes" sort="age"]].
If the output also includes:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Then the image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.
Authenticating our signing key through the OpenPGP Web of Trust is the only way that you can be protected in case our website is compromised or if you are a victim of a [[man-in-the-middle attack|doc/about/warning#man-in-the-middle]]. However, it is complicated to do and it might not be possible for everyone because it relies on trust relationships between individuals.
[[!toggle id="web-of-trust" text="Read more about authenticating the Tails signing key through the OpenPGP Web of Trust."]] [[!toggleable id="web-of-trust" text=""" [[!toggle id="web-of-trust" text=""]]The verification techniques that we present (verification in the browser, BitTorrent, or OpenPGP verification) all rely on some information being securely downloaded using HTTPS from our website:
It is possible that you could download malicious information if our website is compromised or if you are a victim of a man-in-the-middle attack.
OpenPGP verification is the only technique that protects you if our website is compromised or if you are a victim of a man-in-the-middle attack. But, for that you need to authenticate the Tails signing key through the OpenPGP Web of Trust.
If you are verifying an image from inside Tails, for example, to do a manual upgrade, then you already have the Tails signing key. You can trust this signing key as much as you already trust your Tails installation since this signing key is included in your Tails installation.
One of the inherent problems of standard HTTPS is that the trust put in a website is defined by certificate authorities: a hierarchical and closed set of companies and governmental institutions approved by your web browser vendor. This model of trust has long been criticized and proved several times to be vulnerable to attacks [[as explained on our warning page|doc/about/warning#man-in-the-middle]].
We believe that, instead, users should be given the final say when trusting a website, and that designation of trust should be done on the basis of human interactions.
The OpenPGP [[!wikipedia Web_of_Trust]] is a decentralized trust model based on OpenPGP keys that can help with solving this problem. Let's see this with an example:
In this scenario, you found, through Alice and Bob, a path to trust the Tails signing key without the need to rely on certificate authorities.
If you are on Debian, Ubuntu, or Linux Mint, you can install the
debian-keyring package which contains the OpenPGP keys of
all Debian developers. Some Debian developers have certified the Tails
signing key and you can use these certifications to build a trust path.
This technique is explained in detail in our instructions on
[[installing Tails from Debian, Ubuntu, or Linux Mint using the command
line|install/expert/usb]].
Relying on the Web of Trust requires both caution and intelligent supervision by the users. The technical details are outside of the scope of this document.
Since the Web of Trust is based on actual human relationships and real-life interactions, it is best to get in touch with people knowledgeable about OpenPGP and build trust relationships in order to find your own trust path to the Tails signing key.
For example, you can start by contacting a local [[!wikipedia Linux_User_Group]], [[an organization offering Tails training|support/learn]], or other Tails enthusiasts near you and exchange about their OpenPGP practices.
After you build a trust path, you can certify the Tails signing key by signing it with your own key to get rid of some warnings during the verification process.