summaryrefslogtreecommitdiffstats
path: root/wiki/src/doc/get/trusting_tails_signing_key.de.po
blob: 76ee6db65fa67ef864cb716a2c245b25fe9258b6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2014-08-03 12:37+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Trusting Tails signing key\"]]\n"
msgstr ""

#. type: Plain text
msgid ""
"We will present you three techniques from the easiest to the safest. Again, "
"none of them is a perfect and magic solution. Feel free to explore them "
"according to your possibilities and technical skills."
msgstr ""

#. type: Plain text
msgid ""
"Note that since all Tails releases are signed with the same key, you will "
"not have to verify the key every time and the trust you might progressively "
"build in it will be built once and for all. Still, you will have to check "
"the ISO image every time you download a new one!"
msgstr ""

#. type: Title #
#, no-wrap
msgid "Correlates several downloads of Tails signing key"
msgstr ""

#. type: Plain text
msgid ""
"A simple technique to increase the trust you can put in Tails signing key "
"would be to download it several times, from several locations, several "
"computers, possibly several countries, etc."
msgstr ""

#. type: Plain text
msgid ""
"For example you could save them every time with a different name in the same "
"directory on a USB stick. Then run the following command from a terminal to "
"check whether all the keys are identical:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"    cd [your download directory]\n"
"    sha256sum tails-signing*.key\n"
msgstr ""

#. type: Plain text
msgid "This command would output something like this:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"    aa4ac9313d562c901ddeca1b32b4d539d1e3476c575da554a9b6ccaa3d8305eb  tails-signing-desktop.key\n"
"    aa4ac9313d562c901ddeca1b32b4d539d1e3476c575da554a9b6ccaa3d8305eb  tails-signing-laptop.key\n"
"    aa4ac9313d562c901ddeca1b32b4d539d1e3476c575da554a9b6ccaa3d8305eb  tails-signing-library.key\n"
"    aa4ac9313d562c901ddeca1b32b4d539d1e3476c575da554a9b6ccaa3d8305eb  tails-signing-seattle.key\n"
msgstr ""

#. type: Plain text
msgid ""
"You would then need to visually check that all the checksums of the first "
"column are the same, meaning that the keys are identical."
msgstr ""

#. type: Plain text
msgid ""
"You could also use this technique to compare keys downloaded by your friends "
"or other people you trust."
msgstr ""

#. type: Title #
#, no-wrap
msgid "Using the OpenPGP Web of Trust"
msgstr ""

#. type: Plain text
msgid ""
"If you want to be extra cautious and really authenticate Tails signing key "
"in a stronger way than what standard HTTPS offers you, you will need to use "
"the OpenPGP Web of Trust."
msgstr ""

#. type: Plain text
msgid ""
"One of the inherent problems of standard HTTPS is that the trust we usually "
"put on a website is defined by certificate authorities: a hierarchical and "
"closed set of companies and governmental institutions approved by web "
"browser vendors.  This model of trust has long been criticized and proved "
"several times to be vulnerable to attacks [[as explained on our warning page|"
"about/warning#man-in-the-middle]]."
msgstr ""

#. type: Plain text
msgid ""
"We believe instead that users should be given the final say when trusting a "
"website, and that designation of trust should be done on the basis of human "
"interaction."
msgstr ""

#. type: Plain text
msgid ""
"The OpenPGP [[!wikipedia Web_of_Trust desc=\"Web of Trust\"]] is a "
"decentralized trust model based on OpenPGP keys. Let's see that with an "
"example."
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"*You're a friend of Alice and really trust her way of managing OpenPGP keys.\n"
"You're trusting Alice's key.*\n"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"*Furthermore, Alice met Bob, a Tails developer, in a conference, and signed\n"
"Bob's key. Alice is trusting Bob's key.*\n"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"*Bob is a Tails developer who directly owns the Tails signing key. Bob fully\n"
"trusts Tails signing key.*\n"
msgstr ""

#. type: Plain text
msgid ""
"This scenario creates a trust path from you to Tails signing key that could "
"allow you to trust it without having to depend on certificate authorities."
msgstr ""

#. type: Plain text
msgid ""
"This trust model is not perfect either and requires both caution and "
"intelligent supervision by users. The technical details of creating, "
"managing and trusting OpenPGP keys is outside of the scope of this document."
msgstr ""

#. type: Plain text
msgid ""
"We also acknowledge that not everybody might be able to create good trust "
"path to Tails signing key since it based on a network of direct human "
"relationships and the knowledge of quite complex tools such as OpenPGP."
msgstr ""

#. type: Title #
#, no-wrap
msgid "Check Tails signing key against the Debian keyring"
msgstr ""

#. type: Plain text
msgid ""
"Following the previous scenario, when Alice met Bob, a Tails developer, she "
"could have made a new signature on Tails signing key with her own key to "
"certify this trust relationship and make it public. Tails signing key would "
"now come along with a signature made by Alice."
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"Tails signing key is actually already signed by the keys of several official\n"
"developers of Debian, the operating system on which Tails is based. Debian makes\n"
"an extensive use of OpenPGP and you can download the keys of all Debian\n"
"developers by installing the <code>debian-keyring</code> package. You can then\n"
"verify the signatures those developers made with their own key on Tails signing\n"
"key.\n"
msgstr ""

#. type: Plain text
msgid "To download the Debian keyring you can do:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "    sudo apt-get install debian-keyring\n"
msgstr ""

#. type: Plain text
msgid ""
"To get a list of the signatures made by other people on Tails signing key "
"you can do:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "    gpg --keyid-format long --list-sigs 1202821CBE2CD9C1\n"
msgstr ""

#. type: Plain text
msgid "You will get something like this:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"    pub   4096R/1202821CBE2CD9C1 2010-10-07 [expires: 2015-04-30]\n"
"    uid                          Tails developers (signing key) <tails@boum.org>\n"
"    sig 3        1202821CBE2CD9C1 2011-04-16  Tails developers (signing key) <tails@boum.org>\n"
"    sig          BACE15D2A57498FF 2011-04-16  [User ID not found]\n"
"    sig          CCD2ED94D21739E9 2011-06-12  [User ID not found]\n"
"    uid                          T(A)ILS developers (signing key) <amnesia@boum.org>\n"
"    sig 3        1202821CBE2CD9C1 2010-10-07  Tails developers (signing key) <tails@boum.org>\n"
"    sig          BACE15D2A57498FF 2010-10-07  [User ID not found]\n"
"    sig          8CBF9A322861A790 2010-12-24  [User ID not found]\n"
"    sig          7EF27D76B2177E1F 2010-12-27  [User ID not found]\n"
"    sig          CCD2ED94D21739E9 2010-12-29  [User ID not found]\n"
"    sig          AC0EC35285821C42 2011-03-22  [User ID not found]\n"
"    sig          C2DEE7F336042734 2010-10-24  [User ID not found]\n"
msgstr ""

#. type: Plain text
msgid ""
"The lines ending with '[User ID not found]' are signatures made by keys you "
"still don't have in your keyring. You could try to search for them in the "
"Debian keyring by their key ID: the 16 digit code between the 'sig' tag and "
"the date.  You could for example do:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "    gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --list-key CCD2ED94D21739E9\n"
msgstr ""

#. type: Plain text
msgid ""
"If this signature corresponds to a key in the Debian keyring you will get "
"something like this:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"    pub   4096R/CCD2ED94D21739E9 2007-06-02 [expires: 2015-02-26]\n"
"    uid                          Daniel Kahn Gillmor <dkg@fifthhorseman.net>\n"
"    uid                          Daniel Kahn Gillmor <dkg@openflows.com>\n"
"    uid                          [jpeg image of size 3515]\n"
"    uid                          Daniel Kahn Gillmor <dkg@debian.org>\n"
"    uid                          Daniel Kahn Gillmor <dkg@aclu.org>\n"
"    sub   4096R/0xC61BD3EC21484CFF 2007-06-02 [expires: 2015-02-26]\n"
"    sub   2048R/0x125868EA4BFA08E4 2008-06-19 [expires: 2015-02-26]\n"
"    sub   4096R/0xA52401B11BFDFA5C 2013-03-12 [expires: 2015-03-12]\n"
"    sub   2432R/0xDC104C4E0CA757FB 2013-09-11 [expires: 2014-09-11]\n"
msgstr ""

#. type: Plain text
msgid "You can then import it in your own keyring by doing:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "    gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --export CCD2ED94D21739E9 | gpg --import\n"
msgstr ""

#. type: Plain text
msgid ""
"Now you can try to verify the signature made by this new key on Tails "
"signing key by doing:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "    gpg --keyid-format long --check-sigs 1202821CBE2CD9C1\n"
msgstr ""

#. type: Plain text
msgid ""
"On the output, the status of the verification is indicated by a flag "
"directly following the \"sig\" tag. A \"!\" indicates that the signature has "
"been successfully verified, a \"-\" denotes a bad signature and a \"%\" is "
"used if an error occurred while checking the signature (e.g. a non supported "
"algorithm).  For example, in the following output the signature of Daniel "
"Kahn Gillmor on Tails signing key has been successfully verified:"
msgstr ""

#. type: Plain text
#, no-wrap
msgid ""
"    pub   4096R/1202821CBE2CD9C1 2010-10-07 [expires: 2015-04-30]\n"
"    uid                          Tails developers (signing key) <tails@boum.org>\n"
"    sig!3        1202821CBE2CD9C1 2011-04-16  Tails developers (signing key) <tails@boum.org>\n"
"    sig!         CCD2ED94D21739E9 2013-05-05  Daniel Kahn Gillmor <dkg@fifthhorseman.net>\n"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "    3 signatures not checked due to missing keys\n"
msgstr ""

#. type: Title #
#, no-wrap
msgid "Get into the Web of Trust!"
msgstr ""

#. type: Plain text
msgid ""
"Since the Web of Trust is actually based on human relationships and real-"
"life interactions the best would be to start establishing contacts with "
"people knowledgeable about OpenPGP, start using it yourself and build trust "
"relationships in order to find your own trust path to Tails signing key."
msgstr ""

#. type: Plain text
msgid ""
"You could start by contacting a local [[!wikipedia Linux_User_Group desc=\"%s"
"\"]] or other Tails enthusiasts near you and exchange about their OpenPGP "
"practices."
msgstr ""

#. type: Title #
#, no-wrap
msgid "Further reading on OpenPGP"
msgstr ""

#. type: Bullet: '- '
msgid "[[!wikipedia GnuPG desc=\"Wikipedia: %s\"]], a free OpenPGP software"
msgstr ""

#. type: Bullet: '- '
msgid "[[Apache: How To OpenPGP|http://www.apache.org/dev/openpgp.html]]"
msgstr ""

#. type: Bullet: '- '
msgid ""
"[[Debian: Keysigning|http://www.debian.org/events/keysigning]], a tutorial "
"on signing keys of other people"
msgstr ""

#. type: Bullet: '- '
msgid ""
"[[rubin.ch: Explanation of the web of trust of PGP|http://www.rubin.ch/pgp/"
"weboftrust.en.html]]"
msgstr ""

#. type: Bullet: '- '
msgid ""
"[[Gpg4win: Certificate inspection|http://www.gpg4win.org/doc/en/gpg4win-"
"compendium_16.html]], instructions to manage key trust with Gpg4win"
msgstr ""

#. type: Bullet: '- '
msgid "<!-- l10n placeholder for language-specific link -->"
msgstr ""