LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   TAILS iso file verification help (https://www.linuxquestions.org/questions/linux-newbie-8/tails-iso-file-verification-help-4175545049/)

jeniveve 06-11-2015 01:22 AM
TAILS iso file verification help
 
Hi,
I am a complete newbie, and this has to do with verifying the TAILS iso which I have been told is a product of Linux and that this is the correct forum to post on. If this is not the case, please let me know and I will post where appropriate.

I have downloaded and tried to verify the TAILS iso file numerous times now (I believe 9?) using gpg4win and I keep getting this message:
"Signed on 2015-05-11 13:56 with unknown certificate 0xBA2C222F44AC00ED9899389398FEC6BC752A3DB6.
The validity of the signature cannot be verified."

I have never gotten what is displayed on the TAILS website, "Signed on … by tails@boum.org (Key ID: 0xBE2CD9C1..."

A friend has told me that this message means I am getting man-in-the-middle attacks and someone is messing with my network??

I somewhat understand what a man-in-the-middle attack is but I can't imagine anyone monitoring me of all people, does this message actually mean that or could I just be doing something wrong?

Thank you,
Jennifer

Jjex22 06-11-2015 02:28 AM
Hi there, Welcome to the forums!

Tails is indeed Linux, it's just been put together to force all communication through the tor network.

Whilst possible, it's unlikely to be a man in the middle attack, it's more likely that the download has picked up an error. This is why we use checksums - to tell us if there's been an error. First step is to re-download tails.

It is very important to remember that neither tails nor tor make you anonymous, just harder to find. If you are looking into tails, I would strongly recommend reading their material as well as that by the tor project. It is far more important to act anonymous than to be hidden when using these services.

Also be aware that with tor, many of the endpoints in the network are 'sniffed' (a real man in the middle attack) - this means that they are provided by governments, and/or shady fellows who snoop on the traffic as it leaves the network. Be very careful and read that info before using.

A better option is through a paid anonymous VPN - pay with one of those MasterCard travel cards you can get in target and use a disposable email to sign up. You'll get better speed too.

JJ

John VV 06-11-2015 02:33 AM
if you used a torrent client , then it is automatic and already done
Quote:
TAILS iso which I have been told is a product of Linux
yes but it is a VERY SPECIAL operating system and used really ONLY as a live dvd

it is NOT!!!! a normal everyday operating system

do to the security needs of tails browsing the web will be rather difficult and some web sites you will never be able to use
( tor browser issues and Op-Sec issues )

if you are using microsoft windows
DO NOT!!!!!!
repeat DO NOT save to your DESKTOP using internet explorer
-- known reported problems

use bittorrent or some other torrent client for MS windows
and use the .torrent file
https://tails.boum.org/torrents/file...86-1.4.torrent
h t t p s : / / tails.boum.org/torrents/files/tails-i386-1.4.torrent

veerain 06-11-2015 04:01 AM
You should get the public key certificate or keyid from TAILS website. And download the public file using 'pgp.mit.edu' or similar. Then run gpg to verify.


All times are GMT -5. The time now is 06:35 PM.