[Tails-dev] Easy verification steps for OS X

Delete this message

Reply to this message
Author: steve
Date:  
To: tails-dev
Subject: [Tails-dev] Easy verification steps for OS X
Dear all,

I am not signed up to this mailing list, so use cc: for any relevant replies.

The current verification steps for OS X users are, to put things mildly, broken.

Current procedure:
Users would follow this link: https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems <https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems>
then have to follow this link: https://tails.boum.org/doc/get/verify_the_iso_image_using_the_command_line/index.en.html <https://tails.boum.org/doc/get/verify_the_iso_image_using_the_command_line/index.en.html>
and those instructions are really hard to read and follow.

Many unexperienced users will not be able to do this. They will give up and not attempt to use Tails - at all.

In GPGTools support we receive occasional feedback from very confused Tails users, unable to verify their download. The latest example from yesterday is: https://gpgtools.tenderapp.com/discussions/problems/47413-what-is-the-protocol-for-verifying-a-signature-from-a-file <https://gpgtools.tenderapp.com/discussions/problems/47413-what-is-the-protocol-for-verifying-a-signature-from-a-file> This is not the only case and I am sure there are many more which just give up, without even bothering to write a feedback report.

So here are some improved, shorter and easier to follow verification steps for OS X in markdown:

To verify the signature of your tails file

1. download the Tails iso file and
1. the gpg signature file from https://tails.boum.org/download
1. click this [link](https://tails.boum.org/tails-signing.key) to display / download our key
1. download and install [GPG Suite](https://gpgtools.org/gpgsuite)
1. open GPG Keychain and drag the tails-signing.key into the main window to import the key
1. make sure that dmg and sig file both are located in the same folder
1. right-click signature or dmg file and select Services > OpenPGP: Verify Signature of File and allow a moment for processing

If everything is ok, the verification result will look similar to this:



I think you’d do your OS X users a big favor by updating the website description. I’d love to see a dedicated OS X section and not have windows / OS X mixed up under „other operating systems“ here https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems <https://tails.boum.org/download/index.en.html#download.verify-the-iso-image-using-other-operating-systems>

Ideally the specific OS X instructions would open an expanding section (analogue to what the current solution for „other operating systems“ does) but only include the OS X instructions.

I hope this is useful and can be added to the website. This should solve https://labs.riseup.net/code/issues/7147

Kindly,
steve