search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
More 0.7.2->0.8...
[tails-test.git] / wiki / src / download.html
blob9d86b6780dcb3e52506d143dc2e15644a2e2bc53
1 [[!meta title="Download, verify and install"]]
2
3 <strong>Tails is [[Free Software|license]], you can download it, use it and
4 share it without restriction.</strong>
5
6 <div id="page-download">
7
8 [[!toc levels=1]]
9
10 <div id="first_time_user">
11
12 <h1 class="bullet-number-one">First time user?</h1>
13
14 <ul>
15 <li>If you don't know what a metadata or a man-in-the-middle attack
16 is.</li>
17 <li>If you think no-one can eavesdrop on your communications
18 because you are using Tor.</li>
19 <li>If you have no notion on how Tails works.</li>
20 </ul>
21
22 <p><strong>Then, check first the [[about]] and
23 [[warning|doc/warning]] pages to make sure that Tails is the right tool
24 for you and that you understand well its limitations.</strong></p>
25
26 </div>
27
28 <div id="download_the_image" class="container">
29
30 <h1 class="bullet-number-two">Download the ISO image</h1>
31
32 <div id="http">
33
34 <h2>Direct download</h2>
35
36 <h3>Latest release</h3>
37
38 <p>
39 <a class='download-file' href=[[!inline pages="inc/stable_i386_iso_url" raw="yes"]]>
40 Tails [[!inline pages="inc/stable_i386_version" raw="yes"]] ISO image</a>
41 </p>
42
43 <h3>Cryptographic signature</h3>
44
45 [[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
46
47 <p>If you're not sure what the cryptographic signature is, please go on
48 and read the part on [[verifying the ISO image|download#index3h1]].</p>
49
50 <h3>Set up a web mirror</h3>
51
52 <p>If you're running a web server, you're most welcome to help us spread
53 Tails by [[setting up a web mirror|contribute/how/mirror]].</p>
54
55 </div> <!-- #http -->
56
57 <div id="bittorrent">
58
59 <h2>BitTorrent download</h2>
60
61 <h3>Latest release</h3>
62
63 <p>
64 <a class='download-file' href=[[!inline pages="inc/stable_i386_torrent_url" raw="yes"]]>
65 Tails [[!inline pages="inc/stable_i386_version" raw="yes"]] torrent</a>
66 </p>
67
68 <h3>Cryptographic signature</h3>
69
70 <p>
71 <a class='download-signature' href=[[!inline pages="inc/stable_i386_torrent_sig_url" raw="yes"]]>
72 Tails [[!inline pages="inc/stable_i386_version" raw="yes"]] torrent signature</a>
73 </p>
74
75 <h3>Seed back!</h3>
76
77 <p>Seeding back the image once you downloaded it is also a nice
78 and easy way of helping spread Tails.</p>
79
80 </div> <!-- #bittorrent -->
81
82 </div> <!-- #download_the_image .container -->
83
84 <div id="verify">
85
86 <h1 class="bullet-number-three">Verify the ISO image</h1>
87
88 <p>It is important to check the <span class="definition">[[!wikipedia
89 Data_integrity desc="integrity"]]</span> of the ISO image you downloaded
90 to make sure that the download went well.</p>
91
92 <p><strong>Warning: the following techniques don't provide you with a
93 strong way of checking the ISO image <span
94 class="definition">[[!wikipedia Authentication
95 desc="authenticity"]]</span> and making sure you downloaded a genuine
96 Tails.</strong></p>
97
98 <p>Those techniques rely on standard HTTPS and <span
99 class="definition">[[!wikipedia Certificate_authority desc="certificate
100 authorities"]]</span> to make you trust the content of this website.
101 But, [[as explained on our warning page|doc/warning#index3h1]], you
102 could still be victim of a man-in-the-middle attack while using HTTPS.
103 On this website as much as on any other of the Internet.</p>
104
105 <p>It is anyway a good thing to check the ISO image integrity first. We
106 will propose you after that some more advanced techniques to <a
107 href="#authenticity-check">check the authenticity of the ISO
108 image</a>.</p>
109
110 <p>All Tails ISO image are cryptographically signed by our OpenPGP key.
111 OpenPGP is a standard for data encryption that provides cryptographic
112 privacy and authentication through the use of keys owned by its users.
113 Checking this signature is the recommended way of checking the ISO image
114 integrity.</p>
115
116 <p>Do you want to check the ISO image integrity:</p>
117 <ul>
118 <li>
119 [[!toggle id="verify_the_iso_image_using_gnome"
120 text="Using Linux with Gnome: Ubuntu, Debian, Tails, Fedora, etc."]]
121 </li>
122 <li>
123 [[!toggle id="verify_the_iso_image_using_the_command_line"
124 text="Using Linux with the command line"]]
125 </li>
126 <li>
127 [[!toggle id="verify_the_iso_image_using_other_operating_systems"
128 text="Using other operating systems"]]
129 </li>
130 </ul>
131
132 [[!toggleable id="verify_the_iso_image_using_gnome" text="""
133 <span class="hide">[[!toggle id="verify_the_iso_image_using_gnome"
134 text="Hide"]]</span>
135
136 <h2>Using Linux with Gnome: Ubuntu, Debian, Tails, Fedora, etc.</h2>
137
138 <p>You need to have the <code>seahorse-plugins</code> package
139 installed. If you're not sure or want to install it, under Debian,
140 Ubuntu or Tails you can issue the following commands:</p>
141
142 <pre>
143 sudo apt-get update
144 sudo apt-get install seahorse-plugins
145 </pre>
146
147 <p>First, download Tails signing key:</p>
148
149 [[!inline pages="lib/download_tails_signing_key" raw="yes"]]
150
151 <p>Your browser should propose you to open it with "Import Key". Choose
152 this action. It will add Tails signing key to your keyring, the
153 collection of OpenPGP keys you already imported:</p>
154
155 <p>[[!img download/import_key.png alt="What should Iceweasel do with
156 this file? Open with: Import Key (default)" link="no"]]</p>
157
158 <p>You will get notified will the following message:</p>
159
160 <p>[[!img download/key_imported.png alt="Key Imported. Imported a key
161 for Tails developers (signing key) &lt;tails@boum.org&gt;"
162 link="no"]]</p>
163
164 <p>Now, download the cryptographic signature corresponding to the ISO
165 image you want to verify:</p>
166
167 [[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
168
169 <p>Your browser should propose you to open it with "Verify Signature".
170 Choose this action to start the cryptographic verification:</p>
171
172 <p>[[!img download/verify_signature.png alt="What should Iceweasel do
173 with this file? Open with: Verify Signature (default)" link="no"]]</p>
174
175 <p>Browse your files to select the Tails ISO image you want to verify.
176 Then, the verification will start. It can take several minutes:</p>
177
178 <p>[[!img download/verifying.png alt="Verifying" link="no"]]</p>
179
180 <p><strong>If the ISO image is correct</strong> you will get a
181 notification telling you that the signature is good:</p>
182
183 <p>[[!img download/good_signature.png alt="Goog Signature"
184 link="no"]]</p>
185
186 <p><strong>If the ISO image is not correct</strong> you will get a
187 notification telling you that the signature is bad:</p>
188
189 <p>[[!img download/bad_signature.png alt="Bad Signature: Bad or forged
190 signature." link="no"]]</p>
191 """]]
192
193 [[!toggleable id="verify_the_iso_image_using_the_command_line" text="""
194 <span class="hide">[[!toggle id="verify_the_iso_image_using_the_command_line"
195 text="Hide"]]</span>
196
197 <h2>Using Linux with the command line</h2>
198
199 <p>You need to have GnuPG installed. GnuPG is the common OpenPGP
200 implementation for Linux: it is installed by default under Debian,
201 Ubuntu, Tails and many other distributions.</p>
202
203 <p>First, download Tails signing key:</p>
204
205 [[!inline pages="lib/download_tails_signing_key" raw="yes"]]
206
207 <p>Open a terminal and import Tails signing key with the following
208 commands:</p>
209
210 <pre>
211 cd [the directory in which you downloaded the key]
212 cat tails-signing.key | gpg --import
213 </pre>
214
215 <p>The output should tell you that the key was imported:</p>
216
217 <pre>
218 gpg: key BE2CD9C1: public key "Tails developers (signing key) &lt;tails@boum.org&gt;" imported
219 gpg: Total number processed: 2
220 gpg: imported: 2 (RSA: 2)
221 </pre>
222
223 <p>If you had already imported Tails signing key in the past, the output
224 should tell you that the key was not changed:</p>
225
226 <pre>
227 gpg: key BE2CD9C1: "Tails developers (signing key) &lt;tails@boum.org&gt;" not changed
228 gpg: Total number processed: 2
229 gpg: unchanged: 2
230 </pre>
231
232 <p>Now, download the cryptographic signature corresponding to the ISO
233 image you want to verify and save it in the same folder as the ISO
234 image:</p>
235
236 [[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
237
238 <p>Then start the cryptographic verification, it can take several
239 minutes:</p>
240
241 <pre>
242 cd [the ISO image directory]
243 gpg --verify tails-i386-0.8.iso.pgp tails-i386-0.8.iso
244 </pre>
245
246 <p><strong>If the ISO image is correct</strong> the output will tell you
247 that the signature is good:</p>
248
249 <pre>
250 gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
251 gpg: using RSA key 1202821CBE2CD9C1
252 gpg: Good signature from "Tails developers (signing key) &lt;tails@boum.org&gt;"
253 </pre>
254
255 <p>This might be followed by a warning saying:</p>
256
257 <pre>
258 gpg: WARNING: This key is not certified with a trusted signature!
259 gpg: There is no indication that the signature belongs to the owner.
260 Primary key fingerprint: 0D24 B36A A9A2 A651 7878 7645 1202 821C BE2C D9C1
261 </pre>
262
263 <p>This doesn't alter the validity of the signature according to the key
264 you downloaded. This warning rather has to do with the trust that you
265 put in Tails signing key. See, [[Trusting Tails signing
266 key|doc/trusting_tails_signing_key]]. To remove this warning you would
267 have to personnally <span class="definition">[[!wikipedia Keysigning
268 desc="sign"]]</span> Tails signing key with your own key.</p>
269
270 <p><strong>If the ISO image is not correct</strong> the output will tell
271 you that the signature is bad:</p>
272
273 <pre>
274 gpg: Signature made Sat 30 Apr 2011 10:53:23 AM CEST
275 gpg: using RSA key 1202821CBE2CD9C1
276 gpg: BAD signature from "Tails developers (signing key) &lt;tails@boum.org&gt;"
277 </pre>
278 """]]
279
280 [[!toggleable id="verify_the_iso_image_using_other_operating_systems" text="""
281 <span class="hide">[[!toggle id="verify_the_iso_image_using_other_operating_systems"
282 text="Hide"]]</span>
283
284 <h2>Using other operating systems</h2>
285
286 <h3>Using Firefox</h3>
287
288 <p>This technique is not using the cryptographic signature as the others
289 do. We propose it because it's especially easy for Windows users.</p>
290
291 <p>Install the CheckIt extension for Firefox available <a
292 href="https://addons.mozilla.org/en-US/firefox/addon/checkit/">here</a>
293 and restart Firefox.</p>
294
295 <p>Here is the checksum (a kind of digital fingerprint) of the ISO
296 image. Select it with your cursor:</p>
297
298 <pre>[[!inline pages="inc/stable_i386_hash" raw="yes"]]</pre>
299
300 <p>Right-click on it and choose "Selected hash (SHA256)" from the
301 contextual menu:</p>
302
303 <p>[[!img download/selected_hash.png alt="Selected hash (SHA256)"
304 link="no"]]</p>
305
306 <p>From the dialog box that shows up, open the ISO image. Then wait for
307 the checksum to compute. This will take several seconds during which
308 your browser will be unresponsive.</p>
309
310 <p><strong>If the ISO image is correct</strong> you will get a
311 notification saying that the checksums match:</p>
312
313 <p>[[!img download/checksums_match.png alt="CheckIt: SHA256 checksums
314 match!" link="no"]]</p>
315
316 <p><strong>If the ISO image is not correct</strong> you will get a
317 notification telling you that the checksums do not match:</p>
318
319 <p>[[!img download/checksums_do_not_match.png alt="SHA256 checksums do
320 not match!" link="no"]]</p>
321
322 <h3>Using the cryptographic signature</h3>
323
324 <p>GnuPG, a common free software implementation of OpenPGP has versions
325 and graphical frontends for both Windows and Mac OS X. This also make it
326 possible to check the cryptographic signature with those operating
327 systems:</p>
328
329 <ul>
330 <li>[[Gpg4win|http://www.gpg4win.org/]], for Windows</li>
331 <li>[[GPGTools|http://www.gpgtools.org/]], for Mac OS X</li>
332 </ul>
333
334 <p>You will find on either of those websites detailed documentation on
335 how to install and use them.</p>
336
337 <h3>For Windows using Gpg4win</h3>
338
339 <p>After installing Gpg4win, download Tails signing key:</p>
340
341 [[!inline pages="lib/download_tails_signing_key" raw="yes"]]
342
343 <p>[[Consult the Gpg4win documentation to import
344 it|http://www.gpg4win.org/doc/en/gpg4win-compendium_15.html]]</p>
345
346 <p>Then, download the cryptographic signature corresponding to the ISO
347 image you want to verify:</p>
348
349 [[!inline pages="lib/download_stable_i386_iso_sig" raw="yes"]]
350
351 <p>[[Consult the Gpg4win documentation to check the
352 signature|http://www.gpg4win.org/doc/en/gpg4win-compendium_24.html#id4]]</p>
353
354 <h3>For Mac OS X using GPGTools</h3>
355
356 <p>After installing GPGTools, you should be able to follow the
357 instruction for Linux with the command line. To open the command line,
358 navigate to your Applications folder, open Utilities, and double click
359 on Terminal.</p> """]]
360
361 <h2><a name="authenticity-check"></a>So how can I check better the ISO
362 image authenticity?</h2>
363
364 <p>But the Tails signing key that you downloaded from this website could
365 be a fake one if you were victim of a [[man-in-the-middle
366 attack|doc/warning#index3h1]].</p>
367
368 <p>Finding a way of trusting better Tails signing key would allow you to
369 authenticate better the ISO image you downloaded. The following page
370 will give you hints on how to increase the trust you can put in the
371 Tails signing key you downloaded:</p>
372
373 <ul>
374 <li>[[Trusting Tails signing key|doc/trusting_tails_signing_key]]</li>
375 </ul>
376
377 <!-- <h2>FIXME: What to do if the image is bad?</h2> -->
378
379 </div> <!-- #verify -->
380
381 <div id="support">
382
383 <h1 class="bullet-number-four">Burn a CD or install onto a USB stick</h1>
384
385 <p>Every ISO image we ship can be either burn on a CD or installed onto a USB stick.</p>
386
387 <h2>Burning a CD</h2>
388 <ul>
389 <li>CDs are read-only so your Tails can't be altered by a virus or an
390 attacker.</li>
391 <li>CDs are cheap but you will need to burn a new CD each time you
392 will update your Tails version (hint: CD-RW).</li>
393 </ul>
394
395 <p>For detailed instructions on how to burn an ISO image under Linux,
396 Windows or Mac OS X you can consult <a
397 href="https://help.ubuntu.com/community/BurningIsoHowto">the
398 corresponding Ubuntu documentation</a>: just replace the Ubuntu ISO
399 image by the Tails ISO image you downloaded and ignore the part on
400 verifying the data integrity since you've already done that.</p>
401
402 <h2>Installing onto a USB stick</h2>
403
404 <p><strong>The content of the USB stick will be lost in the
405 operation.</strong></p>
406
407 <ul>
408 <li>An attacker with physical access to your USB stick or through a
409 virus could alter your Tails.</li>
410 <li>USB sticks can be reused across Tails versions.</li>
411 <li>USB sticks are smaller to fit in your pocket.</li>
412 <li>Older computers might not be able to start from a USB stick.</li>
413 <li>This technique also works for <span
414 class="definition">[[!wikipedia SD_card desc="SD cards"]]</span>. Some
415 SD cards have a read-only switch that can prevent your Tails from
416 being altered.</li>
417 </ul>
418
419 <ul>
420 <li>[[Instructions for Linux|doc/installing_onto_a_usb_stick/linux]]</li>
421 <li>[[Instructions for Windows|doc/installing_onto_a_usb_stick/windows]]</li>
422 </ul>
423
424 <p><strong>FIXME:</strong> mention Intel-based Mac users
425 sometimes need to upgrade their firmware to get the keyboard
426 working in the syslinux boot menu.</p>
427
428 </div> <!-- #support -->
429
430 <div id="stay_tuned">
431
432 <h1 class="bullet-number-five">Stay tuned</h1>
433
434 <p>
435 <strong>It's very important to keep your Tails version up-to-date, otherwise
436 your system will be vulnerable to numerous security holes.</strong> The
437 development team is doing its best to release new versions fixing known
438 security holes on a regular basis.
439 </p>
440
441 <p>New versions are announced on:</p>
442
443 <ul>
444 <li>our <a href='https://boum.org/mailman/listinfo/amnesia-news'>news
445 mailing-list</a></li>
446 <li>our <a href='torrents/rss/index.rss'>RSS</a> and <a
447 href='/torrents/rss/index.atom'>Atom</a> feeds that announces new
448 available BitTorrent files.</li>
449 </ul>
450
451 <p>Refer to our [[security announcements|/security]] feed for more
452 detailed information about the security holes affecting Tails.
453 Furthermore you will be automatically notified of the security holes
454 affecting the version you are using at the startup of a new Tails
455 session.</p>
456
457 <p>Since Tails is based on Debian, it takes advantages of the all of the
458 work done by the Debian security team. As quoted from <a
459 href="http://security.debian.org/">(http://security.debian.org/)</a>:</p>
460
461 <blockquote>Debian takes security very seriously. We handle all
462 security problems brought to our attention and ensure that they are
463 corrected within a reasonable timeframe. Many advisories are coordinated
464 with other free software vendors and are published the same day a
465 vulnerability is made public and we also have a Security Audit team that
466 reviews the archive looking for new or unfixed security bugs.
467 </blockquote>
468
469 <blockquote>Experience has shown that "security through obscurity" does
470 not work. Public disclosure allows for more rapid and better solutions
471 to security problems. In that vein, this page addresses Debian's status
472 with respect to various known security holes, which could potentially
473 affect Debian.</blockquote>
474
475 </div> <!-- #stay_tuned-->
476
477 <div id="boot">
478
479 <h1 class="bullet-number-six">Start Tails!</h1>
480
481 <p>Now that you have a Tails CD or USB stick you can shutdown your
482 computer and start using Tails without altering your existing operating
483 system.</p>
484
485 <p><strong>If you're using a CD:</strong> Put the Tails CD into the
486 CD/DVD-drive and restart the computer. You should see a welcome screen
487 prompting you to choose your language.</p>
488
489 <p>If you don't get this menu, you can consult the Ubuntu documentation
490 about <a href="https://help.ubuntu.com/community/BootFromCD">booting
491 from the CD</a> for more information, especially the part on the <a
492 href="https://help.ubuntu.com/community/BootFromCD#BIOS%20is%20not%20set%20to%20boot%20from%20CD%20or%20DVD%20drive">
493 BIOS settings</a>.</p>
494
495 <p><strong>If you're using a USB stick:</strong> Shutdown the computer,
496 plug in your USB stick and start the computer. You should see a welcome
497 screen prompting you to choose your language.</p>
498
499 <p>If your computer does not automatically do so, you might need to edit
500 the BIOS settings. Restart your computer, and watch for a message
501 telling you which key to press to enter the BIOS setup. It will usually
502 be one of F1, F2, DEL, ESC or F10. Press this key while your computer is
503 booting to edit your BIOS settings. You need to edit the Boot Order.
504 Depending on your computer you should see an entry for 'removable drive'
505 or 'USB media'. Move this to the top of the list to force the computer
506 to attempt to boot from USB before booting from the hard disk. Save your
507 changes and continue.</p>
508
509 <p>For more detailed instruction on how to boot from USB you can read <a
510 href="http://pcsupport.about.com/od/tipstricks/ht/bootusbflash.htm">About.com:
511 How To Boot your Computer from a Bootable USB Device</a></p>
512
513 <p>If you have problems accessing the BIOS, try to read <a
514 href="http://www.pendrivelinux.com/how-to-access-bios/">pendrivelinux.com:
515 How to Access BIOS</a></p>
516
517 </div><!-- #boot" -->
518 </div> <!-- #download -->
519
tails mirror test with git rewrite