Have Tails Installer verify the ISO image using OpenPGP
Team: u, kurono, kytv, sajolida
As of today, users who download a Tails ISO image are required to manually verify the authenticity of this image.
By verifying the SHA hashsum of the ISO
This basically ensures that the correct ISO has been downloaded.
- Using the Firefox extension
See https://tails.boum.org/blueprint/bootstrapping/verification. Once we get the Verification Extension (#7552 (closed)), users will have automatic verification of their download using a checksum (and possibly something a bit stronger once we get #8191 (closed)).
This method however does not provide proof of authenticity of the image.
By verifying the cryptographic signature of the ISO image
Every Tails release is cryptographically signed with the Tails signing key. That means that, along with the ISO, we also provide an OpenPGP signature which can and should be used to verify the authenticity of the image.
This step is essential, but very hard for users, as it not only requires that users have a basic understanding of how OpenPGP works, but also that they install OpenPGP software which handles keys and takes care of the verification process.
Furthermore, it implies that users manually download the signature for each new Tails release. In our download statistics, it's clear that the signature is downloaded significantly less often than the ISO (about xxx% of people who download the ISO also download its cryptographic signature). We have no statistics about how many of those users actually do the verification.
It also requires downloading the public Tails signing key once, verifying its fingerprint and trusting it, for example by signing it locally.
Make Tails installer the main easy tool to install and verify Tails ISOs
Tails Installer itself could automate some kind of OpenPGP verification as well, at least TrustOnFirstUse and on top of that:
- Rely on the Debian keyring
- Allow people knowledgeable about OpenPGP to do their own verification
We are in the process of making Tails installer available in Debian and other Linux distributions and plan on porting it to other operating systems. Along with the Firefox extension, it could automate as much as possible the process of verifying the ISO, by extending the extension through the verification of the cryptographic signature.
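An added sketch (not Tails Installer code) of the TrustOnFirstUse check mentioned above: it reads the status lines GnuPG emits with `--status-fd`, pins the primary-key fingerprint of the first valid signature, and rejects a later image signed by a different key. The function names, the pin file and the sample fingerprints are assumptions constructed for illustration.

```python
import subprocess
from pathlib import Path

# Status keywords after which the signature must not be accepted.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def gpg_status(iso, sig):
    """Run gpg on a detached signature and return its status-fd lines."""
    cmd = ["gpg", "--status-fd", "1", "--verify", sig, iso]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def signer_fingerprint(status):
    """Primary-key fingerprint of a valid signature, or None."""
    found = None
    for line in status.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in FAILURES:
            return None
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # First argument is the signing (sub)key; the 10th argument, when
            # present, is the primary key fingerprint, which is what we pin.
            found = fields[11] if len(fields) >= 12 else fields[2]
    return found.upper() if found else None

def check_tofu(status, pin_file):
    """Pin the signer on first use; afterwards require the same signer."""
    fpr = signer_fingerprint(status)
    if fpr is None:
        return "rejected: no valid signature"
    pin = Path(pin_file)
    if not pin.exists():
        pin.write_text(fpr + "\n")
        return "trusted on first use"
    if pin.read_text().strip() == fpr:
        return "ok: same signer as before"
    return "rejected: signing key changed"

# Constructed sample data in GnuPG's status format (not real keys or output).
PRIMARY = "A" * 40
SUBKEY = "B" * 40
TAIL = " 2015-01-01 1420070400 0 4 0 1 10 00 "
GOOD = ("[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Example Key\n"
        "[GNUPG:] VALIDSIG " + SUBKEY + TAIL + PRIMARY + "\n")
OTHER = "[GNUPG:] VALIDSIG " + "C" * 40 + TAIL + "D" * 40 + "\n"
BAD = "[GNUPG:] BADSIG BBBBBBBBBBBBBBBB Example Key\n"
```

A first-use pin only detects a later change of signing key; it cannot tell whether the first key was the right one, which is what the Debian keyring and manual verification options listed above would add.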
Related issues
- Related to #7544 (closed)
Original created by @sajolida on 9798 (Redmine)