How To Guides Org

Make Your Computer NSA-Proof Part 9: Installing Tails on a USB Drive or Raspberry Pi

If you want to make your computer more secure and private, you should anonymize your internet traffic. One way to do that is to use trending OS “Tails”

Download Tails Torrent And Compare MD5

Recent NSA revelations now proof that the NSA is tracking users who are interested in privacy software such as Tor and Tails. If you don’t want to be tracked you should not Google those terms, always download Tor directly before attempting to do research on those keywords. Also keep in mind using Tor does not guarantee safety. If you are a journalist who’s doing research on a sensitive subject, then I suggest you read our tutorials setting up a VPN on Windows 8 and TOP VPN Provider 2014

Here is a list of files we need. First the actual ISO download, then the signature file and the signing key we need to be able to verify the signature file!

MD5 of the torrent file: 62e0f9e82e831cba73d904c3a7510155 You can verify the MD5 sum with a context menu MD5 checker or get the liteweight tool from http://www.winmd5.com/

Official Download Site

The official Tails download site is at https://tails.boum.org/download/index.en. Make sure to visit this URL from a Tor browser. You can verify your IP by going to whatismyip.com to make sure you are behind the Tor network. Don’t sign into any services like Google or Facebook when behind Tor. You can also download the Torrent from our mirror above.

Download Tails 1.0.1 Torrent

Verify Integrity via GPG

Do NOT download Gpg4win-Light, it does not include Kleopatra which we will use to verify the integrity

So make sure to download the full version at Gpg4win for Windows and install it. Then download the tails signature key from the link above and you can verify it.

GnuPG will be installed in C:\Program Files (x86)\GNU\GnuPG

1. Step Open the location where you downloaded the ISO and signature files to

2. Step There are signature files for both the ISO and the torrent file. The signature files use the extension *.sig

Wrong Way: Via Context Menu

GPG tools will be added to your context menu, however you first have to import the public key, so you can’t simply click on the file and say “verify” as you would with hashes (MD5)

Creating A GPG Key!

Before we can actually verify the integrity of a public key we need to create a key for our computer:

1. Step Select Create a personal OpenPGP key pair

2. Step Enter your details and proceed

3. Step Enter a passphrase!

4. Step You should see the result “Certificate created successfully” and a fingerprint

5. Step Backup your keys

Correct Way: Import Public Key (Signing Key) Into Kleopatra

The easiest way for a Windows user who is not familiar with the command prompt is to simply use Kleopatra. Go into the folder C:\Program Files (x86)\GNU\GnuPG and double-click kleopatra.exe and open it via the system tray icon

1. Step We are now going to import the signing key (public key) into Kleopatra, 3 steps are necessary

2. Step This is what it looks like:

Certify Certificate

Before we can proceed with decrypting and verifying the Tails developer key, we have to certify their certificate. This is necessary.

1. Step Right-click on the cert and click Certify Certificate, follow the instructions on the screen

2. Step Verify everything is correct and looks similar to this. To verify the details like fingerprint, right-click on the cert and click “Certificate Details”

3. Step Once you are done, the certificate will be listed under “Trusted Certificates”

Decrypt/Verify Signature

1. Step Now click on File, Decrypt/Verify:

Make sure tails-i386-1.0.1.iso.sig and tails-i386-1.0.1.iso are in the SAME folder

2. Step Alrighty, now it should work, proceed by clicking Decrypt/Verify

3. Step It is now verifying the signature, the end result should show you this:

Burn ISO File Or Make Bootable USB Drive

You can now burn a bootable ISO file using Nero or other tools or create a bootable USB drive that you can use to boot Tails via a Raspberry Pi.

1. Step Download LiveUSB from http://live.learnfree.eu/download/

2. Step Select Tails from the dropdown

3. Step Insert your pendrive and create a bootable USB drive

4. Step Plug this into your Raspberry PI

Help, I get the error: The validity of the signature cannot be verified Kleopatra

This error always appears if you did not create a PGP key and did not certify the public key. Please read our instructions more carefully and you will NOT get this error:

This can also happen when you don’t tell Kleopatra that you fully trust the public key. Try changing the trust level:

You should get a message owner trust change successfull or similar.

Additional Resources Part 1 – 8

Everything about Bitmessaging, Cryptic Fonts, Index.Dat, Tor vs VPN