Now that we can boot our Tails stick, our next step is to enable persistence.
Without persistence, our Tails stick forgets everything between uses. This is good, but the Tails stick is more useful if we have it remember some information between uses.
Persistence is the feature that turns the unused part of our USB stick into an encrypted storage space. On boot, the configuration screen will allow us to choose to enter the password and mount the storage space if we wish. This storage is where we save our documents and desired configuration files. Otherwise the storage space won’t be available and our Tails configuration is plain (and more anonymous).
Create the persistent drive
Step one is to create the persistent drive. Boot into your new Tails stick all the way to the main desktop. Go to Applications> Tails> Configure Persistent Volume. Follow the instructions to create a new persistent volume and enter your passphrase. Use a long phrase even with spaces that you can remember. Length is more important than being mixed up letters and numbers. Relevant XKCD Comic is here.
After the volume is created, reboot your Tails stick. This time at the tails greeter screen, enter your new passphrase in the Encrypted Persistence Passphrase box, then click unlock. Now your Tails stick will mount the new persistent drive when your click Start Tails.
Configure the persistent drive
Once the Tails desktop has appeared,go back to Applications> Tails> Configure Persistent Volume. This screen allows us to choose what features we want to enable for persistence. Read more about the options on the Tails site. I recommend setting them all to ON. Once configured, click save, and then reboot. Again, enter your passphrase to unlock the volume and start Tails. Now your configuration items will be saved.
Now that the persistence is fully configured, your WiFi passwords and browser bookmarks will be saved between Tails sessions. Connect to your home WiFi if you want and enter your password. Next time you go into Tails, it will automatically connect to your home WiFi using the saved password. Your bookmarks in the Tor Browser and any printers you configure will be saved between sessions.
There is now a folder called “Persistent” under the Places menu. This is where you can save downloaded documents to keep them between sessions. Storing files anywhere else will cause the files to vanish when you reboot or turn off Tails. I’ll say that again. Only documents saved in the Persistent folder are saved between sessions. Files saved anywhere else will vanish when you shutdown.
The first time you open Thunderbird, the setup wizard will start. Enter your name, email address and password. You may or may not want to save the password. It’s stored on an encrypted volume, so it’s safe. If Thunderbird finds your server, the next steps are easy. If you have issues, this Tails version of Thunderbird is the normal version, so any configuration instructions from your email provider for Thunderbird will work.
One email is working, you need to setup Enigmail to send and receive encrypted emails. If you use Enigmail on another computer, you can use the export and import features of Enigmail. For this exercise, I’ll assume this is the first time using Enigmail and you don’t already have PGP keys. Go to Thunderbird’s menu and select Enigmail> Setup wizard.
Select “I prefer a standard configuration” and click next. The next screen will ask you for a passphrase for your new PGP key for your email account. It also asks how long to remember the key once entered. This is a timer so you don’t have to keep reentering your key as you read through email. I recommend setting this to the default 5 minutes or less. Click next and wait for your new 4096-bit key to be generated.
Once the key is generated, create the Revocation certificate. The Revocation certificate is used to cancel your PGP key. Generate the certificate and save it to your Persistent folder. You can move it to another USB stick to keep it safe.
Now your email is setup on Tails. Read more about using Thunderbird and Enigmail at this site.
Sending Encrypted Email
Now, lets send your first encrypted email. It will be easier if you are reading this article from your Tails stick. Before you can send encrypted emails, you need to trade PGP keys. For practice, you can test with me. Get my PGP key at my web site. Copy the key and then open Enigmail> Key Management. Then, go to Edit> Import Key from Clipboard. Enigmail will import the key.
Now “write” a new email and address it to me – firstname.lastname@example.org. Fill out the email as you normally would, but before you send it, go to the Enigmail menu at the top and select Preferences. Click “Encrypt Email” and “Attach my public key”. The first option will encrypt the email using my public key and the second option sends me your public key so I can reply encrypted. Click Send. Enter your key’s passphrase if prompted. You have sent your first encrypted email!
Key management is a big issue. You need someone’s public key to send them an encrypted email. You can get keys from bloggers like me on our web sites. For your friends, they will need to send you their key in a plain email or you can use a second USB stick to trade keys. To export your key to a USB stick, Open Enigmail>Key Management and right click on your email key entry and Export Keys to File. When prompted, Export Public Keys Only. Save the key in your persistence folder. You can then copy it to a spare USB stick to share with your friends.
To import a key saved to a file, double click on the key file ( it should end with asc). You’ll see a message “Keys Imported”. Next time you open Thunderbird and Enigmail, the keys will be in your key manager. Thunderbird will automatically use the correct public key when you send an email.
I encourage you to have “key sharing” parties to share keys with your friends and practice sending encrypted emails.
Other Tails Tools
Where are other communications tools included with Tails such as Pidgin (messaging) and Hex (chat), but these are not used much and usually by small, focused groups. Tails includes an office suite for editing documents and spreadsheets and a bitcoin wallet. Read more about the included programs on the Tails Features web page. Tails will also check and update itself as needed.
ABOUT THE AUTHOR
Chad “Chainsaw” Sawyer is a information security professional that focuses on helping organizations and individuals maintain their privacy and computer data security. He’s the author of the Linux Workstation guide and blogs on privacy issues at Chainsaw’s Privacy. He holds a General Amateur Radio license and is a AmRRON Corps member.