Tails transitioned to a new signing key between Tails 1.3 (February 24) and Tails 1.3.1 (March 31). If you had the previous signing key, make sure to import and verify the new signing key.

GnuPG, a common free software implementation of OpenPGP has versions and graphical frontends for both Windows and Mac OS X. This also make it possible to check the cryptographic signature with those operating systems:

You will find on either of those websites detailed documentation on how to install and use them.

For Windows using Gpg4win

After installing Gpg4win, download the Tails signing key:

Tails signing key

Consult the Gpg4win documentation to import it

Then, download the cryptographic signature corresponding to the ISO image you want to verify:

Tails 2.3 signature

Consult the Gpg4win documentation to check the signature

If you see the following warning:

Not enough information to check the signature validity.
Signed on ... by tails@boum.org (Key ID: 0x58ACD84F
The validity of the signature cannot be verified.

Then the ISO image is still correct, and valid according to the Tails signing key that you downloaded. This warning is related to the trust that you put in the Tails signing key. See, Trusting Tails signing key. To remove this warning you would have to personally sign the Tails signing key with your own key.

For Mac OS X using GPGTools

After installing GPGTools, download the Tails signing key:

Tails signing key

You can do the verification using Finder:

You can also follow the instructions for Linux using the command line.

  1. Open GPG Keychain.

  2. Drag the signing key to GPG Keychain to import the signing key in your keyring.

  3. Download the cryptographic signature of the ISO image:

    Tails 2.3 signature

  4. Save the signature in the same folder where you saved the ISO image.

  5. Right-click on the ISO image and choose Services ▸ OpenPGP: Verify Signature of File.