
Have Tails Installer verify the ISO image using OpenPGP

Team: u, kurono, kytv, sajolida

As of today, users who download a Tails ISO image are required to manually
verify the authenticity of this image.

By verifying the SHA hashsum of the ISO

This only ensures that the ISO file was downloaded correctly and completely.

This method, however, does not prove the authenticity of the image, since a
published hash can be replaced together with the image it describes.

By verifying the cryptographic signature of the ISO image

Every Tails release is cryptographically signed with the Tails signing key.
That means that, along with the ISO, we also provide an OpenPGP signature which
can and should be used to verify the authenticity of the image.

This step is essential, but very hard for users, as it not only requires that
users have a basic understanding of how OpenPGP works, but also that they
install OpenPGP software which handles keys and takes care of the
verification process.

Furthermore, it implies that users manually download the signature for each new
Tails release. In our download statistics, it’s clear that the signature is
downloaded significantly less often than the ISO (about xxx% of people who
download the ISO also download its cryptographic signature). We have no
statistics about how many of those users actually do the verification.

It also requires downloading the public Tails signing key once, verifying its
fingerprint and trusting it, for example by signing it locally.

Make Tails installer the main easy tool to install and verify Tails ISOs

Tails Installer itself could automate some kind of OpenPGP verification as well, at least trust on first use (TOFU) and, on top of that:

  • Rely on the Debian keyring
  • Allow people knowledgeable about OpenPGP to do their own verification

We are in the process of making Tails Installer available in Debian and other
Linux distributions and plan on porting it to other operating systems. Along
with the Firefox extension, it could automate as much as possible the process
of verifying the ISO, by extending the extension to also verify the
cryptographic signature.
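As an added illustration of what an installer-side check has to get right (example code, not Tails Installer's own), the Python below decides on gpg's machine-readable status output rather than on its exit code, accepting the image only when the signature's primary key fingerprint matches the one the installer pins. It assumes gpg on PATH and an assumed keyring path; the fingerprints and status lines are constructed placeholders, not the real Tails signing key or real output.

```python
import subprocess

# Constructed placeholder; the real fingerprint must be verified out of band.
TRUSTED_PRIMARY_FPR = "0000000000000000000000000000000000000000"
KEYRING_PATH = "/usr/share/keyrings/tails-signing.gpg"  # assumed location

FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def parse_status(status_output, trusted_fpr=TRUSTED_PRIMARY_FPR):
    """Decide from gpg --status-fd lines whether the pinned key signed the file.

    GOODSIG and a zero exit code only mean the signature is valid for *some*
    key in the keyring (gpg still exits 0 with TRUST_UNDEFINED). The decision
    therefore rests on VALIDSIG's primary-key fingerprint, its last field in
    current GnuPG, matching the pinned one. Returns (accepted, reason).
    """
    accepted, reason = False, "no VALIDSIG line"
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword in FAILURE_KEYWORDS:
            return False, keyword  # any bad or unverifiable signature fails the file
        if keyword == "VALIDSIG":
            primary = fields[11] if len(fields) > 11 else fields[2]
            if primary.upper() == trusted_fpr.upper():
                accepted, reason = True, "VALIDSIG by pinned key"
            elif not accepted:
                reason = "VALIDSIG by unpinned key " + primary
    return accepted, reason


def verify_iso(iso_path, sig_path, trusted_fpr=TRUSTED_PRIMARY_FPR, keyring=KEYRING_PATH):
    """Run gpg on the detached signature and apply parse_status to its status lines."""
    proc = subprocess.run(
        ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring,
         "--status-fd", "1", "--verify", sig_path, iso_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True, check=False)
    return parse_status(proc.stdout, trusted_fpr)


# Constructed status output: signature made by subkey 2222..., primary key 0000...
SAMPLE_PINNED = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 2222222222222222 Constructed Key <constructed@example.invalid>\n"
    "[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2024-01-01 1704067200 0 4 0 22 10 00 "
    "0000000000000000000000000000000000000000\n"
    "[GNUPG:] TRUST_UNDEFINED 0 pgp\n"
)
# Same GOODSIG, but the primary key is not the pinned one, so the image is rejected.
SAMPLE_OTHER_KEY = SAMPLE_PINNED.replace("0000000000000000000000000000000000000000",
                                         "3333333333333333333333333333333333333333")
```

The two samples show why TOFU or a pinned fingerprint is needed on top of gpg itself: both produce GOODSIG, and only the fingerprint comparison separates them.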


Original created by @sajolida on 9798 (Redmine)
