Tails above the Rest, Part III
In my first two columns in this series, I gave an overview of Tails, including how to get the distribution securely, and once you have it, how to use some of the basic tools. In this final column, I cover some of the more advanced features of Tails, such as some of its log in options, its suite of encryption tools and the persistent disk.
Superuser and Windows Camouflage
By default, Tails operates with superuser privileges disabled. You don't need superuser privileges to use most of Tails, as those privileges come in handy only if you want to install extra software, modify any local hard drives on the system or do anything else that requires root privileges. Tails disables superuser privileges so an attacker also cannot perform superuser functions that might threaten the security of your system. That said, if you intend on using Tails routinely as your desktop, you may find you want to install extra software on a persistent disk.
To enable the superuser account, at the initial login window, click the Yes button under More options, and then click the Forward button at the bottom of that window. In the new window, enter the administrator password in the Password and Verify Password text boxes, and then click Login. You also may have noticed a check box in this window to enable Windows Camouflage. This option changes the default desktop theme to look like a default Windows XP install. The idea here is that if you are using Tails in a public place (like on an Internet café, library or hotel computer), at a glance, your desktop probably will blend in with the rest.
As you might imagine, a security- and anonymity-focused distribution like Tails provides a number of encryption tools. These include more general-purpose tools like GNOME disk manager, which you can use to format new encrypted volumes and the ability to mount encrypted volumes that show up in the Places menu at the top of the desktop. In addition to general-purpose tools, Tails also includes an OpenPGP applet that sits in the notification area (that area of the panel at the top right-hand section of the desktop along with the clock, sound and network applets). The OpenPGP applet has a clipboard icon by default, and you can think of it much like a secured clipboard in the sense that it lets you copy and paste plain text into it and then encrypt or sign it.
If you have copied your GPG keys to this Tails session, you also can use the same tool to encrypt text with your keys. Once you copy the text to the applet, just click on the applet and select Sign/Encrypt Clipboard with Public Keys. You then will be prompted to select the keys of any recipients you want to be able to decrypt the message. Once you finish with this wizard, you can paste the encrypted text like with the above passphrase option.
You also can use the same applet to decrypt text that has been encrypted
with a passphrase. To do this, select the complete encrypted section,
-----BEGIN PGP MESSAGE----- at the
beginning and the
PGP MESSAGE----- at the end. Then, right-click on the OpenPGP applet and
select Copy. The icon should change to a lock if the text is encrypted
or a red seal if it is only signed. Then, click on the applet and select
Decrypt/Verify Clipboard. If the message is encrypted with a passphrase,
you should see an Enter passphrase dialog box. Otherwise, if the
message used public-key cryptography and you have your keypair on this
installation of Tails, you may be prompted for the passphrase to
unlock your secret key. If your passphrase or key is able to decrypt
the message successfully, you will get a GnuPG results window along with
the decrypted text.
Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal.
- Geek Guide: The DevOps Toolbox
- Nmap—Not Just for Evil!
- Download "The DevOps Toolbox: Tools and Technologies for Scale and Reliability"
- High-Availability Storage with HA-LVM
- NF/ Observatory Networking with Linux
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi
- Days Between Dates: the Counting
- Localhost DNS Cache
- DNSMasq, the Pint-Sized Super Dæmon!