Rich Freeman on 10 Feb 2018 12:39:20 -0800
Re: [PLUG] encrypting files with expiration
On Sat, Feb 10, 2018 at 3:24 PM, Rita <rmorgan466@gmail.com> wrote:
> i would like to archive sensitive tax documents. i would like to store the
> documents so you can't copy and paste -- just view once unlocked. set an
> expiration time once unlocked. are there any tools like that?
>

Have people written software that purportedly does this stuff? Yes. Is it relatively easy to bypass? Yes.

With hardware support you can actually get close to something like this, assuming you want to only run it on your own hardware, and that you don't mind the files becoming inaccessible if the hardware fails. I don't think anybody has fully implemented anything like this in FOSS (and perhaps not even in non-FOSS). It is theoretically possible though.

The way you would go about it is to use hardware that includes a TPM, with TPM support in linux (and your bootloader as well if you don't directly boot linux from UEFI). Together these will populate the PCR registers in the TPM during boot. Then you would run your software and the software would request the encryption key for your file from the TPM, and once the file is accessed the software would start the expiration timer and enforce it. If any of the software in the chain from firmware to your reader software (including the bootloader+kernel) were modified in any way the TPM would refuse to deliver the key, and the file would be unreadable. You could use a kernel that includes special protections for the process displaying the file so that there isn't any way to access its memory.

Again, none of this is implemented, nor would it be terribly easy to implement. My understanding is that windows, android, and chromeos include some of the groundwork to allow for remote attestation, though it isn't commonly used (and the linux kernel portions are in the vanilla kernels). Most passwordless full-disk encryption software uses an approach like this, though they operate a bit lower-level just to decrypt the disk and don't enforce timers/etc.
There are some vulnerabilities here:

1. If the hardware TPM is defeated your data will be compromised. This is not easy to do.

2. If the hardware is damaged, your data will be lost. You'll need some secure backup of your data, and this backup wouldn't have these protections.

3. If the trusted version of any of the software (firmware/bootloader/kernel/viewer - and any other userspace involved like an X server/etc) contains a vulnerability, then that could be exploitable. The scheme above ensures that none of this software is modified, but it can't protect against vulnerabilities in the unmodified software.

For personal use like you suggest this would be quite an undertaking. However, it is certainly possible with the right hardware.

--
Rich

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
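A toy simulation of the PCR-sealing mechanism Rich describes, added here as an illustration and not part of the thread or of any real TPM stack: each boot stage is measured into a PCR with the one-way extend operation, a file key is sealed against the resulting PCR value, and the simulated TPM releases the key only when a later boot reproduces exactly that value. The stage names, image contents and the `SimTPM` class are constructed for the example; real TPMs use a PCR policy digest and keep the sealed blob encrypted, which this model collapses into an in-memory table.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed boot chain, in measurement order: each stage measures the next
# before handing control to it, so a change anywhere alters the final PCR.
BOOT_CHAIN = ["firmware", "bootloader", "kernel", "viewer"]


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR = H(PCR || H(measurement)). One-way and order-sensitive,
    so a PCR value can only be reached by replaying the same measurements in order."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(images: dict) -> bytes:
    """Simulate a boot that extends a single PCR with every stage in BOOT_CHAIN."""
    pcr = bytes(32)  # PCRs start at zero after a reset
    for stage in BOOT_CHAIN:
        pcr = extend(pcr, images[stage])
    return pcr


@dataclass
class SimTPM:
    """Simplified model: the 'TPM' holds sealed secrets and releases one only when
    the current PCR value equals the value recorded at seal time."""
    pcr: bytes
    sealed: dict = field(default_factory=dict)

    def seal(self, name: str, secret: bytes) -> None:
        self.sealed[name] = (self.pcr, secret)

    def unseal(self, name: str):
        expected_pcr, secret = self.sealed[name]
        if self.pcr != expected_pcr:
            return None  # policy check fails: the key is never handed out
        return secret


def key_released(tamper_kernel: bool) -> bool:
    """Seal a constructed file key on a trusted boot, reboot (optionally with a
    modified kernel image) and report whether the TPM releases the key."""
    images = {stage: f"{stage}-v1".encode() for stage in BOOT_CHAIN}
    tpm = SimTPM(pcr=measure_boot(images))
    tpm.seal("tax-docs-key", b"constructed-32-byte-file-key....")
    if tamper_kernel:
        images["kernel"] = b"kernel-v1-modified"  # any change, even one byte
    tpm.pcr = measure_boot(images)  # reboot re-measures the (possibly altered) chain
    return tpm.unseal("tax-docs-key") is not None


if __name__ == "__main__":
    print("unmodified chain releases key:", key_released(tamper_kernel=False))
    print("modified kernel releases key:", key_released(tamper_kernel=True))
```

Note that nothing here checks the measured software for bugs: a vulnerable but unmodified viewer still measures to the trusted value, which is exactly the third limitation in the post.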