Set up Tails
Setting up Tails involves downloading an image file, "burning" it to a USB stick, and booting a machine from that.
Before you dive in, make sure you have the following:
-
One or more USB sticks, 16 GB or larger. These will be erased, and when the process is done they will be dedicated to Tails.
-
A machine with a 64-bit Intel processor, which can boot from that USB stick. Tails does not work on 32-bit machines, or on Apple Silicon (or other CPU architectures).
Note that the machine doesn't have to be one of your primary workstations. I have a little "netbook" that I keep around specifically for running "live" environments like this.
Install Tails
Tails already has their own documentation for how to do this, so rather than going into a whole lot of detail, I'll refer you there.
Installing Multiple Tails sticks
If you're making multiple Tails sticks, and the computer you're using has enough USB-3 ports, the easiest thing will be to download and create the first one, boot into that, and use the "Tails Installer" app within Tails to install the others. (Obviously, the computer will need enough USB ports for this.)
Directions for how to "Install Tails using Tails" are explained on the same "Install Tails" page linked above. See the links in the grey box just below the four green boxes at the top of the page. (This is based on what the site looks like on 2023-05-22, depending on when you're reading this the page may look different.)
Notes
-
The "Tails Installer" app will not set up a Persistent Storage partition on the USB stick where it installs Tails. You will need to boot into that Tails stick and set up Persistent storage there. (This is covered below.)
-
If the "source" Tails stick has a Persistent Storage partition, the "Tails Installer" app will not copy it. If you like, you can reboot that Tails stick and not unlock the Persistent Storage, so it can't copy it.
-
If the "target" Tails stick already has a Persistent Storage partition, the "Tails Installer" app will ask whether you want to just upgrade Tails on that stick (which will not touch that Persistent Storage partition), or fully wipe the USB stick and do a fresh installation of Tails (which will delete that Persistent Storage partition.)
Persistent Storage
Once you've created your Tails stick, the next step will be to configure "Persistent Storage". This creates an encrypted partition on the Tails stick and sets things up so that much of your "home directory" is actually stored there, so that the next time you boot that Tails stick (and unlock the storage), the files you had stored there will be there again.
If you're setting up multiple Tails sticks, you will need to boot into each one and do this process.
This Persistent Storage partition is going to be the only place where your PGP secret keys will exist "on disk".
The Persistent Storage feature has several features for which it can store data. I normally enable the following:
- Persistent Folder - This is a generic directory called
Persistentin the Tails user's home directory. You can use it to store any arbitrary files you like. - Network - This will remember your wifi passwords.
- Tor Browser Bookmarks
- Thunderbird Email Client
- GnuPG - ⚠️ MAKE SURE THIS IS ENABLED. ⚠️
- SSH Client
- Additional Software
- Dotfiles
Feel free to enable whatever features you think you might use. Again, the important thing for this book is to enable GnuPG.
Like above, Tails already has their own documentation for how to do this, so I'll refer you there.
Backups
After your PGP keys have been created, it's a good idea to have one or more backups, in case your Tails stick is damaged, lost, or stolen. (I have three backups - one in a fire safe at home, one in a safety deposit box at the credit union, and one stored at the home of a family member in another part of the country.)
Again, here's the link to the official Tails documentation. 😎