The simplest way to carry around the documents you want to use with Tails and make sure that they haven't been accessed or modified is to store them in an encrypted volume: a dedicated partition on a USB stick or external hard-disk.

تیلز ابزارهای خاص بسیاری برای LUKS، یک استاندارد رمزگذاری دیسک تحت لینوکس دارد.

  • GNOME Disks allows you to create encrypted volumes.
  • The GNOME desktop allows you to open encrypted volumes.

To store encrypted files on a Tails USB stick, it is recommended to create a persistent volume instead.

ایجاد یک درایو مانا

To open GNOME Disks choose Applications ▸ Utilities ▸ Disks.

Identify your external storage device

Disks lists all the current storage devices on the left side of the screen.

  1. دستگاه ذخیرهٔ خارجی که قصد استفاده از آن را دارید وصل کنید.

  2. دستگاهی جدید در فهرست دستگاه‌های ذخیره ظاهر می‌شود. روی آن کلیک کنید:

۱. توضیحات دستگاه را سمت چپ صفحه ببینید، از جمله مارک، گنجایش آن و غیره.

Format the device

  1. Click on the Menu button in the titlebar and choose Format Disk… to erase all the existing partitions on the device.

  2. In the Format Disk dialog:

    • If you want to erase all data securely, choose to Overwrite existing data with zeroes in the Erase drop-down list.

    • Choose Compatible with all systems and devices (MBR/DOS) in the Partitioning drop-down list.

    Then click Format….

  3. In the confirmation dialog, make sure that the device is correct. Click Format to confirm.

Create a new encrypted partition

Now the schema of the partitions in the middle of the screen shows an empty device:

Free Space 8.1 GB

  1. Click on the Create
 partition button to create a new partition on the device.

  2. In the Create Partition dialog:

    • Partition Size: you can create a partition on the whole device or only on part of it. In this example we are creating a partition of 4.0 GB on a device of 8.1 GB.

    • Type: choose Encrypted, compatible with Linux systems (LUKS + Ext4) from the drop-down list.

    • Name: you can set a name for the partition. This name remains invisible until the partition is open but can help you to identify it during use.

    • Passphrase: type a passphrase for the encrypted partition and repeat it to confirm.

    Then click Create.

    If an error occurs while creating the new partition, try to unplug the device, restart GNOME Disks, and follow all steps again from the beginning.

  3. Creating the partition takes from a few seconds to a few minutes. After that, the new encrypted partition appears in the volumes on the device:

    Partition 1 4.0 GB LUKS / secret 4.0 GB Ext4

  4. If you want to create another partition in the free space on the device, click on the free space and then click on the Create partition button again.

Use the new partition

You can open this new partition from the sidebar of the file browser with the name you gave it.

After opening the partition with the file browser, you can also access it from the Places menu.

باز کردن یک درایو رمزگذاری‌شدهٔ موجود

When plugging in a device containing an encrypted partition, Tails does not open the partition automatically but you can do so from the file browser.

  1. Choose Places ▸ Computer to open the file browser.

  2. Click on the encrypted partition that you want to open in the sidebar.

    File browser with '4.0 GB Encrypted' entry in the sidebar

  3. Enter the passphrase of the partition in the password prompt and click Unlock.

    If you choose the option Remember Password and have the GNOME Keyring persistence feature activated, the password is stored in the persistent storage and remembered across multiple working sessions.

  4. After opening the partition with the file browser, you can also access it from the Places menu.

  5. To close the partition after you finished using it, click on the Eject button next to the partition in the sidebar of the file browser.

نگهداری سندهای مهم

این درایوهای رمزگذاری‌شده مخفی نیستند. یک مهاجم که دستگاه را در اختیار دارد می‌تواند متوجه وجود یک پارتیشن رمزگذاری‌شده روی آن بشود. در نظر داشته باشید ممکن است در مواجهه با زور یا فریب گذرواژه را لو دهید.

باز کردن درایوهای رمزگذاری‌شده از سیستم‌عامل‌های دیگر

می‌توان چنین درایوهای رمزگذاری‌شده‌ای را از سیستم‌عامل‌های دیگر باز کرد، اما این کار ممکن است باعث به مخاطره افتادن امنیت شما شود. احتمالاً نباید به سیستم‌عامل‌های دیگر برای استفاده از اطلاعات مهم شما یا باقی نگذاشتن ردپا اعتماد کرد.

Change the passphrase of an existing encrypted partition

To open GNOME Disks choose Applications ▸ Utilities ▸ Disks.

  1. Plug in the external storage device containing the encrypted partition that you want to change the passphrase for.

  2. The device appears in the list of storage devices. Click on it:

  3. Check that the description of the device on the right side of the screen corresponds to your device: its brand, its size, etc.

  4. Click on the partition displaying a padlock at the bottom-right corner.

  5. Click on the Additional partition options button and choose Change Passphrase…