How to use pgp to verify tails .img file?
How to use pgp to verify tails .img file?
I know I see the little button that does it automatically but I don't want to use that I want to know how to do it correctly. -Problem is, every guide says to use the .asc file. I don't have that, tails gave me a .IMG file, a .SIG file, and then I downloaded a tails-signing.key file. How do I manually verify this file with just those files?
Have you imported the tails-signing.key yet? Usually you can double-click on that to import it using whatever graphical gpg frontend is set up on your system. It may ask you how well you trust the owner of the key. You can answer that question however you want without affecting this verification process.
Next, it looks like you run the instructions from this page: https://tails.net/install/expert/index.en.html#verify
Some of those command line parameters look a little paranoid. The basic command you want to run is:
gpg --verify somefile.sig somefile.img9wget --continue --timestamping --show-progress https://tails.boum.org/tails-signing.key wget --continue --timestamping --show-progress https://tails.boum.org/torrents/files/tails-amd64-6.8.1.iso.sig gpg --import "tails-signing.key" wget --continue --timestamping --show-progress https://mirrors.wikimedia.org/tails/stable/tails-amd64-6.8.1/tails-amd64-6.8.1.img gpg --keyid-format 0xlong --verify tails-amd64-6.8.1.iso.sig tails-amd64-6.8.1.img(adapted from my script https://gitlab.com/nodiscc/distrib-dl / https://github.com/nodiscc/distrib-dl)
3