LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-11-2015, 02:22 AM   #1
jeniveve
LQ Newbie
 
Registered: Jun 2015
Posts: 1

Rep: Reputation: Disabled
TAILS iso file verification help


Hi,
I am a complete newbie, and this has to do with verifying the TAILS iso which I have been told is a product of Linux and that this is the correct forum to post on. If this is not the case, please let me know and I will post where appropriate.

I have downloaded and tried to verify the TAILS iso file numerous times now (I believe 9?) using gpg4win and I keep getting this message:
"Signed on 2015-05-11 13:56 with unknown certificate 0xBA2C222F44AC00ED9899389398FEC6BC752A3DB6.
The validity of the signature cannot be verified."

I have never gotten what is displayed on the TAILS website, "Signed on by tails@boum.org (Key ID: 0xBE2CD9C1..."

A friend has told me that this message means I am getting man-in-the-middle attacks and someone is messing with my network??

I somewhat understand what a man-in-the-middle attack is but I can't imagine anyone monitoring me of all people, does this message actually mean that or could I just be doing something wrong?

Thank you,
Jennifer
 
Old 06-11-2015, 03:28 AM   #2
Jjex22
LQ Newbie
 
Registered: Jun 2015
Distribution: Ubuntu, RHEL, SLE, #!++
Posts: 16

Rep: Reputation: Disabled
Hi there, Welcome to the forums!

Tails is indeed Linux, it's just been put together to force all communication through the tor network.

Whilst possible, it's unlikely to be a man in the middle attack, it's more likely that the download has picked up an error. This is why we use checksums - to tell us if there's been an error. First step is to re-download tails.

It is very important to remember that neither tails nor tor make you anonymous, just harder to find. If you are looking into tails, I would strongly recommend reading their material as well as that by the tor project. It is far more important to act anonymous than to be hidden when using these services.

Also be aware that with tor, many of the endpoints in the network are 'sniffed' (a real man in the middle attack) - this means that they are provided by governments, and/or shady fellows who snoop on the traffic as it leaves the network. Be very careful and read that info before using.

A better option is through a paid anonymous VPN - pay with one of those MasterCard travel cards you can get in target and use a disposable email to sign up. You'll get better speed too.

JJ

Last edited by Jjex22; 06-11-2015 at 03:41 AM.
 
1 members found this post helpful.
Old 06-11-2015, 03:33 AM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,825

Rep: Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408
if you used a torrent client , then it is automatic and already done
Quote:
TAILS iso which I have been told is a product of Linux
yes but it is a VERY SPECIAL operating system and used really ONLY as a live dvd

it is NOT!!!! a normal everyday operating system

do to the security needs of tails browsing the web will be rather difficult and some web sites you will never be able to use
( tor browser issues and Op-Sec issues )

if you are using microsoft windows
DO NOT!!!!!!
repeat DO NOT save to your DESKTOP using internet explorer
-- known reported problems

use bittorrent or some other torrent client for MS windows
and use the .torrent file
https://tails.boum.org/torrents/file...86-1.4.torrent
h t t p s : / / tails.boum.org/torrents/files/tails-i386-1.4.torrent
 
1 members found this post helpful.
Old 06-11-2015, 05:01 AM   #4
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
You should get the public key certificate or keyid from TAILS website. And download the public file using 'pgp.mit.edu' or similar. Then run gpg to verify.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I need help verifying Tails iso ballsar Incognito 5 12-18-2014 01:13 PM
confused about gpg checksum verification procedure for debian iso JacekZ Debian 4 02-11-2014 02:13 AM
LXer: The Tails Project's The Amnesic Incognito Live System (Tails) LXer Syndicated Linux News 0 09-17-2011 02:51 AM
quickest file content verification sumeet inani Linux - Newbie 1 06-15-2011 12:33 AM
Partial file download verification Jack Taylor Linux - Networking 1 02-15-2005 01:39 PM


All times are GMT -5. The time now is 08:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration