This ticket is a request to update the Kali downloads page to include a direct link to the article in the Kali documentation that describes how to cryptographically verify the authenticity of downloads

Steps to Reproduce

1. Go to kali website frontpage https://kali.org/
2. Click the big "Download" button to load https://www.kali.org/get-kali/#kali-platforms
3. Click the "Live Boot" button
4. See link to download .iso
5. Look around on page for the detached signature file
6. ???
7. Look around on page for instructions on how to verify the .iso file
8. ???
9. ctrl+f find on page for "verify"
10. ???
11. ctrl+f find on page for "verify"
12. ???
13. ctrl+f find on page for "signature"
14. ???
15. ctrl+f find on page for "asc"
16. ???
17. ctrl+f find on page for "pgp"
18. ???
19. ctrl+f find on page for "gpg"
20. ???
21. Open ticket to fix this UX bug

Solution

The solution to this is to update the downloads page:

• https://www.kali.org/get-kali/

To include at least one link to the following page:

• https://www.kali.org/docs/introduction/download-images-securely/

Personally, because unsigned checksums don't provide any security, I recommend replacing all of the sum buttons on this page with a button that says verify and links to the above page.