La forma más sencilla de transportar los documentos que deseas utilizar con Tails y asegurarte de que no hayan sido accedidos o modificados es almacenarlos en un volumen cifrado: una partición dedicada en una memoria USB o disco duro externo.

Tails viene con utilidades para LUKS, un estándar para cifrado de disco para Linux.

  • Discos GNOME te permite crear volúmenes cifrados.
  • El escritorio de GNOME te permite abrir volúmenes cifrados.

To store encrypted files on a Tails USB stick, it is recommended to create a persistent volume instead.

Crea una partición cifrada

Para abrir GNOME Disks elige Aplicaciones ▸ Utilidades ▸ Discos.

Identifica tu dispositivo de almacenamiento externo

Disks lists all the current storage devices on the left side of the screen.

  1. Introduce el dispositivo de almacenamiento externo que quieres usar.

  2. A new device appears in the list of storage devices. Click on it:

  3. Check that the description of the device on the right side of the screen corresponds to your device: its brand, its size, etc.

Formatea el dispositivo

  1. Click on the Menu button in the titlebar and choose Format Disk… to erase all the existing partitions on the device.

  2. En el diálogo Formatea Disco:

    • Si quieres borrar todos los datos de modo seguro, elige Sobreescribir los datos con ceros en el menú desplegable Borrar.

    • Elige Compatible con todos los sistemas y dispositivos (MBR/DOS) en la el menú desplegable Tipo.

    Entonces haz click en el botón Format….

  3. In the confirmation dialog, make sure that the device is correct. Click Format to confirm.

Crea una nueva partición cifrada

Now the schema of the partitions in the middle of the screen shows an empty device:

Free Space 8.1 GB

  1. Click on the Create
 partition button to create a new partition on the device.

  2. En el diálogo Crear partición:

    • Partition Size: you can create a partition on the whole device or only on part of it. In this example we are creating a partition of 4.0 GB on a device of 8.1 GB.

    • Type: choose Encrypted, compatible with Linux systems (LUKS + Ext4) from the drop-down list.

    • Name: you can set a name for the partition. This name remains invisible until the partition is open but can help you to identify it during use.

    • Passphrase: type a passphrase for the encrypted partition and repeat it to confirm.

    Haz click en Crear.

    If an error occurs while creating the new partition, try to unplug the device, restart GNOME Disks, and follow all steps again from the beginning.

  3. Creating the partition takes from a few seconds to a few minutes. After that, the new encrypted partition appears in the volumes on the device:

    Partition 1 4.0 GB LUKS / secret 4.0 GB Ext4

  4. If you want to create another partition in the free space on the device, click on the free space and then click on the Create partition button again.

Usa la nueva partición

Puedes abrir esta nueva partición desde la barra lateral del explorador de archivos con el nombre que le diste.

After opening the partition with the file browser, you can also access it from the Places menu.

Abrir una partición cifrada existente

When plugging in a device containing an encrypted partition, Tails does not open the partition automatically but you can do so from the file browser.

  1. Elige Lugares ▸ Equipo para abrir el explorador de archivos.

  2. Da click en la partición cifrada que quieres abrir en la barra lateral.

    File browser with '4.0 GB Encrypted' entry in the sidebar

  3. Enter the passphrase of the partition in the password prompt and click Unlock.

    If you choose the option Remember Password and have the GNOME Keyring persistence feature activated, the password is stored in the persistent storage and remembered across multiple working sessions.

  4. After opening the partition with the file browser, you can also access it from the Places menu.

  5. To close the partition after you finished using it, click on the Eject button next to the partition in the sidebar of the file browser.

Guardando documentos sensibles

Such encrypted volumes are not hidden. An attacker in possession of the device can know that there is an encrypted volume on it. Take into consideration that you can be forced or tricked to give out its passphrase.

Abriendo volúmenes cifrados desde otros sistemas operativos

Es posible abrir estos volúmenes cifrados desde otros sistemas operativos, pero hacerlo podría comprometer la seguridad que da Tails.

Por ejemplo, las imágenes en miniatura podrían ser creadas y guardadas por otro sistema operativo. O, los contenidos de los archivos podrían ser indexados por el otro sistema operativo.

Change the passphrase of an existing encrypted partition

Para abrir GNOME Disks elige Aplicaciones ▸ Utilidades ▸ Discos.

  1. Plug in the external storage device containing the encrypted partition that you want to change the passphrase for.

  2. The device appears in the list of storage devices. Click on it:

  3. Check that the description of the device on the right side of the screen corresponds to your device: its brand, its size, etc.

  4. Click on the partition displaying a padlock at the bottom-right corner.

  5. Haz click en el botón Additional partition options button and choose Change Passphrase…