The simplest way to carry around the documents you want to use with Tails and make sure that they haven't been accessed nor modified is to store them in an encrypted volume: a dedicated partition on a USB stick or an external hard-disk.
Tails comes with utilities for LUKS, a standard for disk-encryption under Linux.
- The Gnome Disk Utility, allows you to create encrypted volumes
- The Gnome Desktop, allows you to open encrypted volumes
From the menu Applications ▸ System Tools ▸ Disk Utility.
The disk utility will list all the current storage devices on the left side of the screen:
Plug in the external storage device that you want to use.
A new device should appear in the list of storage devices. Click on it with the cursor:
Check that the description of the device on the right side of the screen corresponds to your device: its brand, its size, etc.
Click on Format Drive to erase all the existing partitions on the device. If you're not sure, don't change the default option: Master Boot Record.
You will be prompted with a confirmation message.
Now the schema of the partitions in the middle of the screen shows an empty device.
Click on Create Partition.
A window with options to configure the new partition will appear.
- Size: you can decide to create a partition on the whole device or just on part of it. In this example we are creating a partition of 2.0 GB on a device of 3.9 GB.
- Type: you can change the filesystem type of the partition. If you are not sure you can leave the default value: Ext4.
- Name: you can set a name for the partition. This name will remain invisible until the partition is open but will help you to identify it during use.
- Encrypt underlying device: check this box to encrypt the partition!
Then click on Create.
You will be asked to enter a passphrase for the new partition.
Then click on Create.
Creating the partition might take a few seconds after which the schema of the device will display the new encrypted partition:
At this point you can create other partitions in the free space left on the device, if you want, by clicking on it and doing again Create Partition.
Now you can access this new volume from the Places menu with the name you gave it. You won't be asked for its passphrase unless you unplug it and plug it again.
When plugging a device containing an encrypted partition, Tails won't mount it automatically but it will appear in the Places menu. If several partitions appear as Encrypted, like in the example, you can use its size to guess which one is the one you want to open.
You will be asked to enter the passphrase to unlock the volume.
In case you get it wrong, you will be warned with an error message. You can try to open the partition as before and as many times as you want.
In case you get it right, it will open a file browser in this partition.
Once you are done using the device, to close the encrypted partition choose Safely Remove Drive., right-click on the device, and select