Tails can be your safe companion if you supplement it with an encrypted partition with VeraCrypt. Please follow our step-by-step guide:
1. Download Tails and Create Tails USB flash drive by following this official installation guide.
2. Boot to Tails and set admin password (this required to create exFAT partition):
Click “+” under “Additional Settings”, then “Administration Password”, set password, click “Add” and finally “Start Tails”.
3. Create exFAT partition on Tails USB flash drive or SD card:
Click “Applications”, then “Utilities”, then “Disks”, select USB flash drive or SD card, click “Free Space”, then “+”, set “Partition Size”, click “Next”, set “Volume Name”, select “Other”, click “Next”, select “exFAT” and finally click “Create”.
4. Enable persistence storage (it will store your data between reboots):
Click “Applications”, then “Favorites”, then “Configure persistent volume”, set passphrase, click “Create”, make sure “Personal Data” is enabled, click “Save” and finally “Restart Now”.
5. Boot to Tails, unlock persistent storage and set admin password (required to mount VeraCrypt volumes)
Click “+” under “Additional Settings”, then “Administration Password”, set password, click “Add” and finally “Start Tails”.
6. Time to connect to Internet!
Establish network connection using ethernet cable or Wi-Fi and wait for Tor to be ready.
7. Import “VeraCrypt Team (2018 – Supersedes Key ID=0x54DDD393)” PGP public key:
torsocks curl https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc | gpg --import
You have to use torsocks to be able to download anything over Tor connection!
8. Set VeraCrypt release semver environment variable:
Replace 1.25.4
with latest release semver.
VERACRYPT_RELEASE_SEMVER=1.25.4
9. Download VeraCrypt release:
Click “Applications”, then “Tor Browser”, go to https://www.veracrypt.fr/en/Downloads.html and download latest release of “Linux Generic Installer” and associated PGP signature.
10. Verify VeraCrypt release:
gpg --verify ~/Tor\ Browser/veracrypt-$VERACRYPT_RELEASE_SEMVER-setup.tar.bz2.sigif you see
if you see:
gpg: Good signature from "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) <[email protected]>" [unknown]
– signature is good!
11. Extract VeraCrypt release:
cd ~/Tor\ Browser tar --extract --file ~/Tor\ Browser/veracrypt-$VERACRYPT_RELEASE_SEMVER-setup.tar.bz2 veracrypt-$VERACRYPT_RELEASE_SEMVER-setup-gui-x64
12. Run VeraCrypt installer, click “Extract .tar Package File“, accept license terms, then click “OK” and finally “OK”:
./veracrypt-$VERACRYPT_RELEASE_SEMVER-setup-gui-x64
13. Extract VeraCrypt binary to ~/Persistent
cd ~/Persistent tar --extract --file /tmp/veracrypt_${VERACRYPT_RELEASE_SEMVER}_amd64.tar.gz --strip-components 2 usr/bin/veracrypt
14. Create veracrypt.AppImage
echo -n "./veracrypt" > veracrypt.AppImage chmod +x veracrypt.AppImage
You can now use VeraCrypt to create encrypted volumes on your unencrypted exFAT disk or open any VeraCrypt volumes on other disks (USB flash etc). It is very convenient for safe storage or transfer of valuable data.
🙂