brent timothy saner on 10 Feb 2018 13:14:22 -0800
Re: [PLUG] encrypting files with expiration
On 02/10/2018 03:45 PM, Rich Freeman wrote:
> I don't think view-once was actually part of the requirements, but
> again using the trusted viewer software this might be achievable.

per OP:

"... i would like to store the documents so you can't copy and paste -- *just view once* unlocked. ..."

(emphasis added)

further, a TPM cannot ensure the unlocked version of this (assuming one did implement an encryption policy for said data using something hardware-locked like TPM) is not copied elsewhere- not only by email, but by other methods.

TPM does a decent job at PKI and authoring files to specific hardware. everything else, though, and you're trying to shove a square peg in a round hole.

in order to implement half of what you proposed, you're talking about a significant rewrite of certain parts of the kernel - not to mention all the other supporting userland code. and, as acknowledged, still does not address other key parts of the original requirements.

what OP requests is impossible, plain and simple. it'd be safer and more practical to do it all in hardcopy, keep them in a safe deposit box, and on a designated day fetch them, shred them, burn the confetti (surprisingly hard to do, FYI), soak the ashes, dry them out, burn them again.

(which is of course ridiculous for merely *tax returns*, since they're much more susceptible/vulnerable in-transit and at destination's record storage, but i digress.)
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug