Hi all, I am entirely new to tails an rather new on Linux, having switched from Windows to Fedora a few months ago. I have one question specific to tails: I created a VeraCrypt Volume and copied it into the persistent storage and I can open both, the outter and the hidden volume. However, it only gets opened write protected. I’m being told, that I don’t have the permissions to write. How can I open the VeryCrypt volume being able to copy files into the unlocked volume and open/change them from the volume, so not write protected. Thanks a lot in advance for your help.
Now what exactly did you do? Did you crate a veracrypt container - essentially an encrypted file - or did you encrypt a whole partition someplace on your stick? The former would have veracrypt mount the decrypted volume to some mountpoint under /mnt which is r/o for user amnesia. The letter might even create an extra drive-letter that has to be mounted by you. Whichever way I look at your approach I come to the conclusion that it is a bad idea to combine the persitant storage of tails with any extra encryption scheme like Veracrypt etc… Give your persistent storage in Tails a reasonably strong passphrase and your content is safe. Adding some extra layer of encryption just leads to errors. q.e.d.
Since you cannot create a VeryCrypt volume (large, but single file - not a partition) with the application tails provides (you can only unlock a volume), I created a volume on within my fedora daily driver and copied it to a USB drive. Then I booted into tails and copied the veracrypt volume from the separate usb drive into the persistent storage of tails. After that I was able to unlock it with the app provided by tails. However, I could not write/copy files into it, apparently because I don’t have the permission. I see your point not using another layer of encryption within an encrypted tails persistent storage and I don’t regard the LUKS encryption as being insfficient. However, I do like the plausible deniability of hidden verycrypt volumes for various reasons. And since tails offers to unlock verycrypt volumes I found that to be attractive and wanted to try it. And I really would like to get it work. However, I didn’t take into account that this approach would lead to errors, as you mentioned. That might make me re-think it. But honestly, I’d really love to try getting it to work. So any help is highly appreciated.
You can change filepermissions with chmod (chmod -R u+w /Media/amnesia/”mountpoint of your container”) or with the GUI of fileexplorer. You will find the mountpoint of the veracrypted files in disks in form of a hyperlink.
HTH
Thanks a lot. Will try soon. However. I’d like to come back to your point of error proneness when storing an encrypted file within the encrypted persistent storage. How likely is it, that errors occur? I think I need to weigh risk of errors vs. plausible deniability…