brent timothy saner on 10 Feb 2018 13:14:22 -0800



Re: [PLUG] encrypting files with expiration


On 02/10/2018 03:45 PM, Rich Freeman wrote:

> I don't think view-once was actually part of the requirements, but
> again using the trusted viewer software this might be achievable.

per OP:

"... i would like to store the documents so you can't copy and paste --
*just view once* unlocked. ..." (emphasis added)

further, a TPM cannot ensure the unlocked version of this (assuming one
did implement an encryption policy for said data using something
hardware-locked like TPM) is not copied elsewhere - not only by email,
but by other methods.

TPM does a decent job at PKI and authoring files to specific hardware.
everything else, though, and you're trying to shove a square peg in a
round hole.

in order to implement half of what you proposed, you're talking about a
significant rewrite of certain parts of the kernel - not to mention all
the other supporting userland code.

and, as acknowledged, still does not address other key parts of the
original requirements.

what OP requests is impossible, plain and simple. it'd be safer and more
practical to do it all in hardcopy, keep them in a safe deposit box, and
on a designated day fetch them, shred them, burn the confetti
(surprisingly hard to do, FYI), soak the ashes, dry them out, burn them
again.

(which is of course ridiculous for merely *tax returns*, since they're
much more susceptible/vulnerable in-transit and at destination's record
storage, but i digress.)


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug