Rich Freeman on 10 Feb 2018 12:45:30 -0800



Re: [PLUG] encrypting files with expiration


I realize you posted this before I posted my TPM solution, but I
figured I'd just comment on an element or two of this in the context
of my earlier reply.

On Sat, Feb 10, 2018 at 3:34 PM, brent timothy saner
<brent.saner@gmail.com> wrote:
>
> 0.) data can perform no execution on its own

This is absolutely true - hence the reason that I proposed a
hardware-based solution.  Hardware is STILL defeatable for the reason
you bring up, though it can be very difficult to achieve.  There is no
true theoretical security for something like this (which is basically
DRM).

> 1.) how would the data know when this expiration happens? how can it
> trust the system computer (as the user can change this)? how can it
> trust the program that handles this hypothetical data format to actually
> delete it (see 0.)? how can it *not be copied* to a saved-state machine?

In my solution this is achieved using a trusted viewer.

> 2.) how does it know it has only been "viewed once"? it would need this
> data in a header - which are easily altered. sure, you could
> sign/encrypt that header - but then you would need to include the key in
> the same file, unencrypted, and we've all seen how well that works out
> for... everyone that does that.

I don't think view-once was actually part of the requirements, but
again using the trusted viewer software this might be achievable.
Just store two keys in the TPM.  The software requests the first key,
and stores it in RAM. Then it tells the TPM to destroy that key.  Then
it requests the second key, and destroys it.  Then it combines the
keys into the true key and decrypts the file.  By the time the file is
readable there is no way to ever read it again.

Again, my solution only works on a specific hardware platform.  (You
could of course independently set it up more than once.)  There is no
way to just email a special file to somebody and have all these
restrictions enforced on their own hardware, for all the reasons
you're already getting at.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
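The two-key, destroy-after-read scheme Rich sketches above, as an added simulation that is not code from the thread or from any real TPM stack: the "TPM" is an in-process stand-in with one-shot key slots (an assumption for the example), the two halves are combined with SHA-256, and the file is protected with an HMAC-SHA256 counter-mode keystream plus an HMAC tag so the example runs on the standard library alone. The names SimulatedTPM, seal_file, open_once and second_read_fails are all hypothetical. The point it makes concrete is the one in the mail: once both halves have been released the store holds nothing that can reproduce the key, so a second open fails.

```python
import hashlib
import hmac
import secrets


class KeyDestroyed(Exception):
    """Raised when a key slot has already been released."""


class SimulatedTPM:
    """Stand-in for the TPM in the thread's scheme (constructed for this
    example, not a real TPM interface). Each slot holds one key half and can
    be released exactly once: the half is handed back and the slot is wiped."""

    def __init__(self):
        self._slots = {}

    def provision(self, slot, key_half):
        self._slots[slot] = bytearray(key_half)

    def release_and_destroy(self, slot):
        half = self._slots.get(slot)
        if half is None:
            raise KeyDestroyed(f"slot {slot!r} is empty or already destroyed")
        out = bytes(half)
        for i in range(len(half)):   # overwrite before dropping the reference
            half[i] = 0
        del self._slots[slot]
        return out


def combine_halves(half_a, half_b):
    """Derive the true content key from both halves; either half alone
    reveals nothing about the result."""
    return hashlib.sha256(half_a + half_b).digest()


def keystream_xor(key, nonce, data):
    """Counter-mode keystream built from HMAC-SHA256 (stdlib only; stands in
    for a real cipher so the example needs no third-party packages)."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def seal_file(plaintext):
    """Sender side: make two fresh halves, encrypt under their combination,
    and return (half_a, half_b, blob). The halves go into the TPM slots,
    the blob is the file that gets shipped."""
    half_a = secrets.token_bytes(32)
    half_b = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    key = combine_halves(half_a, half_b)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return half_a, half_b, nonce + ct + tag


def open_once(tpm, blob):
    """Viewer side, in the order the mail describes: pull half A into RAM and
    destroy it, pull half B and destroy it, combine, then decrypt. After this
    returns, the TPM can no longer reproduce the key."""
    half_a = tpm.release_and_destroy("half_a")
    half_b = tpm.release_and_destroy("half_b")
    key = combine_halves(half_a, half_b)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return keystream_xor(key, nonce, ct)


def second_read_fails(tpm, blob):
    """Check used by the demo: True if the slots are already gone."""
    try:
        open_once(tpm, blob)
    except KeyDestroyed:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: one short message sealed and opened exactly once.
    tpm = SimulatedTPM()
    a, b, blob = seal_file(b"meeting notes, self-destruct after reading")
    tpm.provision("half_a", a)
    tpm.provision("half_b", b)
    print(open_once(tpm, blob))
    print("second open blocked:", second_read_fails(tpm, blob))
```

Two things the simulation deliberately exposes. First, releasing half A and then failing on half B (or on the tag check) leaves the file unrecoverable, which is the intended property, not a bug: there is no rollback in a destroy-on-read design. Second, the decrypted bytes and the combined key sit in ordinary process memory once open_once returns, which is exactly the gap the thread keeps coming back to: the one-shot guarantee only holds if the viewer that holds that RAM is trusted and the machine cannot be snapshotted and restored.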