I know I see the little button that does it automatically, but I don’t want to use that; I want to know how to do it correctly. Problem is, every guide says to use the .asc file. I don’t have that. Tails gave me a .IMG file and a .SIG file, and then I downloaded a tails-signing.key file. How do I manually verify this file with just those files?

  • Limonene@lemmy.world
    15 days ago

    Have you imported the tails-signing.key yet? Usually you can double-click on that to import it using whatever graphical gpg frontend is set up on your system. It may ask you how well you trust the owner of the key. You can answer that question however you want without affecting this verification process.

    Next, it looks like you run the instructions from this page: https://tails.net/install/expert/index.en.html#verify

    Some of those command line parameters look a little paranoid. The basic command you want to run is: gpg --verify somefile.sig somefile.img

  • vegetaaaaaaa@lemmy.world
    14 days ago

    # fetch the signing key and the detached signature that belongs to the .img
    wget --continue --timestamping --show-progress https://tails.boum.org/tails-signing.key
    wget --continue --timestamping --show-progress https://tails.boum.org/torrents/files/tails-amd64-6.8.1.img.sig
    gpg --import "tails-signing.key"
    # fetch the image itself
    wget --continue --timestamping --show-progress https://mirrors.wikimedia.org/tails/stable/tails-amd64-6.8.1/tails-amd64-6.8.1.img
    # the .iso.sig only matches the .iso, so verify the .img against its own .img.sig
    gpg --keyid-format 0xlong --verify tails-amd64-6.8.1.img.sig tails-amd64-6.8.1.img
    

    (adapted from my script https://gitlab.com/nodiscc/distrib-dl / https://github.com/nodiscc/distrib-dl)
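
Both replies above end in `gpg --verify`. As an added example (not from either commenter or from the Tails project), this is one way to script that step so it passes only when the signature is valid and was made under the key fingerprint you expect, using gpg's machine-readable `--status-fd` output and a throwaway keyring. The function names are hypothetical, and the expected fingerprint is an input you must obtain from a source you trust independently of the download.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# check_status EXPECTED_FPR   (reads `gpg --status-fd` lines on stdin)
# Succeeds only if a VALIDSIG line names EXPECTED_FPR as the primary key
# and no BADSIG/ERRSIG/EXPSIG/EXPKEYSIG/REVKEYSIG line is present.
check_status() {
    # accept fingerprints written with spaces or in lowercase
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # field 3 is the (sub)key that made the signature, field 12 the
            # primary key it belongs to; fall back to field 3 if 12 is absent
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1
        }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_detached KEYFILE SIGFILE DATAFILE EXPECTED_FPR
# Imports the key into a temporary GNUPGHOME so the result does not depend
# on whatever else is in ~/.gnupg, then checks the status lines.
verify_detached() {
    tmp=$(mktemp -d) || return 2
    GNUPGHOME="$tmp" gpg --batch --quiet --import "$1" 2>/dev/null
    GNUPGHOME="$tmp" gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null \
        | check_status "$4"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Call it as `verify_detached tails-signing.key somefile.sig somefile.img "<fingerprint you trust>"`; a zero exit status means the signature verified and the fingerprint matched.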