Journalists viewing documents on SecureDrop must connect to the respective Source or Document Interface using the Tails operating system, which your administrator should have already set up for you.
Create GPG key for the journalist¶
Each journalist must have a personal GPG key that they use for encrypting files transferred from the Secure Viewing Station to their Journalist Workstation. The private key, used for decryption, stays on their Journalist Workstation. The public key, used for encryption, gets copied to the Secure Viewing Station.
If a journalist does not yet have a GPG key, they can follow these instructions to set one up with GnuPG (GPG).
Connect to the Document Interface¶
Each journalist has their own authenticated Tor hidden service URL to
login to the
Document Interface. The journalist needs to use the
browser in the Tails operating system to connect to the
Document Interface. This will take an extra few steps each time you
want to login, but after practicing a few times, it will become
See our guide on setting up Tails for the Admin and Journalist Workstation before continuing. We recommend that you create bookmarks for the Source and Document Interfaces.
After clicking on the SecureDrop
Document Interface link, you can
log in with your username, password, and two-factor authentication
token, as shown in the first screenshot below.
If any sources have uploaded documents or sent you message, they will be listed on the homepage by a codename. Note: The codename the journalists see is different than the codename that sources see.
Move Documents to the Secure Viewing Station¶
You will only be able to view the documents the source has sent you on
Secure Viewing Station. After clicking on an individual source
you will see the page below with the messages that source has sent you.
Click on a document or message name to save it, or select a number of
documents and save them at once by clicking “Download Selected”.
In order to protect you from malware, the browser only allows you to
download documents to a special sandbox folder, located at
Once downloaded to the sandbox folder, move the document to the
designated USB stick you will use to transfer the documents from your
Journalist Workstation to the
Secure Viewing Station. This
will be known as your
Transfer Device from your
Next, boot up the
Secure Viewing Station using Tails (remember, you
must use a different Tails USB than you use your normal
Journalist Workstation) and enter the password for the
Secure Viewing Station the persistent volume. Once you have logged
in, plug in the
Copy these documents to the Persistent folder before decrypting them.
This an important step. Otherwise you might accidentally decrypt the
documents on the USB stick, and they could be recoverable in the
future. You can do this by clicking on the
Computer icon on your
desk top, clicking on the
Transfer Device, and then you can drag and
drop the file into your Persistent folder.
Make sure to then return to your
Transfer Device folder, right click
on the file, and then click “Wipe” to securely wipe the file from your
Decrypt and work on the Secure Viewing Station¶
To decrypt documents, return to your Persistent folder and double-click on zipped file folder. After you extract the files, click on each file individually, and it will prompt you for the application PGP key passphrase to decrypt the document.
When you decrypt the file it will have the same filename, but without the .gpg at the end.
You can double-click on the decrypted document to open it in its default application.
If the default application doesn’t work, you can right-click on the
document and choose
Open with Other Application... to try opening
the document with OpenOffice Writer, or Document Viewer. You can
right-click on a file and choose
Rename... to rename a document and
give it a file extension.
Interact With Sources¶
Secure Viewing Station.
Once your reply has been successfully submitted, you will be returned to the source page and see a message confirming that the reply was stored. The source will see your reply the next time they log in with their unique codename. To minimize sensitive data retention, the source interface UI encourages the source to delete the reply after reading it. If you notice one or more replies disappear from the list of documents, you may infer that the source read and deleted them. You may also delete replies if you change your mind after sending them.
Flag for reply¶
If the server experiences a large number of new sources signing up at
once and is overloaded with submissions, you will need to flag sources
for reply before you can communicate with them. Click the
Flag this source for reply button.
After clicking the
Flag this source for reply button, you’ll see
this confirmation page. Click through to get back to the page that
displays that source’s documents and replies.
You will not be able to reply until after the source logs in again and sees that you would like to talk to him or her. So you may have to sit and wait. After the source sees that you’d like to reply, a GPG key pair will automatically be generated and you can log back in and send a reply.
Work with Documents¶
As long as you’re using the latest version of Tails, you should be able
to open any document that gets submitted to you without the risk of
malicious documents compromising the
Secure Viewing Station.
However, if they do compromise it, Tails is designed so that the next
time you reboot the malware will be gone.
Tails comes with lots of applications that will help you securely work with documents, including an office suite, graphics tools, desktop publishing tools, audio tools, and printing and scanning tools. For more information, visit Work on sensitive documents on the Tails website.
Tails also comes with the Metadata Anonymisation
Toolkit (MAT) that is used to help strip
metadata from a variety of types of files, including png, jpg,
OpenOffice/LibreOffice documents, Microsoft Office documents, pdf, tar,
tar.bz2, tar.gz, zip, mp3, mp2, mp1, mpa, ogg, and flac. You can open
MAT by clicking
Applications in the top left corner, Accessories,
Metadata Anonymisation Toolkit.
We recommend that you do as much work as you can inside of Tails before
copying these documents back to your
including stripping metadata with MAT.
When you no longer need documents you can right-click on them and choose Wipe to delete them.
Encrypt and move documents to Journalist Workstation¶
Before you move documents back to the
Transfer Device to copy them
to your workstation you should encrypt them to your personal GPG public
key that you imported when setting up the
Secure Viewing Station to
Right-click on the document you want to encrypt and choose
Then choose the public keys of the journalist you want to encrypt the
documents to and click
When you are done you will have another document with the same filename
but ending in .gpg that is encrypted to the GPG keys you selected. You
can copy the encrypted documents to the
Transfer Device to transfer
them to your workstation.
Decrypt and prepare to publish¶
Transfer Device into your workstation computer and copy the
encrypted documents to it. Decrypt them with
Write articles and blog posts, edit video and audio, and publish. Expose crimes and corruption, and change the world.