|
[[!meta title="Install Tails from Debian or Ubuntu using the command line and GnuPG"]]
|
|
|
[[!meta stylesheet="inc/stylesheets/expert" rel="stylesheet" title=""]]
|
|
|
<h1 id="verify-key" class="step">Verify the Tails signing key</h1>
|
|
|
<p>If you already certified the Tails signing key with your own key, you
can skip this step and start [[downloading and verifying the USB
image|expert#download]].</p>
|
|
|
In this step, you will download and verify the *Tails signing key* which is the OpenPGP key that is used to cryptographically sign the Tails USB image.
|
|
|
<div class="note">
|
|
|
<p>To follow these instructions you need to have your own OpenPGP
key.</p>
|
|
|
<p>To learn how to create yourself an OpenPGP key, see
<a href="https://riseup.net/en/security/message-security/openpgp/gpg-keys">Managing
OpenPGP Keys</a> by <em>Riseup</em>.</p>
|
|
|
This verification technique uses the OpenPGP Web of Trust and the certification made by official Debian developers on the Tails signing key.
|
|
|
Import the Tails signing key in your <span class="application">GnuPG</span> keyring:
|
|
|
wget https://tails.net/tails-signing.key
gpg --import < tails-signing.key
|
|
|
Install the Debian keyring. It contains the OpenPGP keys of all Debian developers:
|
|
|
sudo apt update && sudo apt install debian-keyring
|
|
|
Import the OpenPGP key of [[!wikipedia Chris_Lamb_(software_developer) desc="Chris Lamb"]], a former Debian Project Leader, from the Debian keyring into your keyring:
|
|
|
gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --export chris@chris-lamb.co.uk | gpg --import
|
|
|
Verify the certifications made on the Tails signing key:
|
|
|
gpg --keyid-format 0xlong --check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F
|
|
|
In the output of this command, look for the following line:
|
|
|
sig! 0x1E953E27D4311E58 2020-03-19 Chris Lamb <chris@chris-lamb.co.uk>
|
|
|
Here, <code>sig!</code>, with an exclamation mark, means that Chris
Lamb verified and certified the Tails signing key with his key.
|
|
