Re: Somewhat OT, encryption question

On 11/27/2014 11:34 AM, Bill Oliver wrote:
On Wed, 26 Nov 2014, Bruno Wolff III wrote:

On Wed, Nov 26, 2014 at 20:47:25 +0000,
 Bill Oliver <vendor@xxxxxxxxxxxxx> wrote:
On Wed, 26 Nov 2014, Bill Oliver wrote:

Actually, let me be more specific.  Let's say I have data on a flash
drive that is encrypted using gpg.  We can even say the flash drive
itself is encrypted.

Now let's say that flash drive is stolen, lost, etc. *and* the
passphrase is compromised.  I want the data on the flash drive to be
available *only on one computer* even if the passphrase is known.

If you don't need to decrypt data in the field, you can use public key encryption. You won't be able to decrypt the data without the private key. (Which you wouldn't have with you or the flash drive.)

TPMs provide a way to keep a secret on a computer that can't easily be extracted (otherwise you could supply the data in an emulated environment). I don't know if there is anything in Fedora for using, say, luks with a TPM in a way that prevents the TPM info from being sniffed in a similar manner to how your passphrase is compromised. There has been some work with using TPMs with luks, but I don't know how the process works.

Note that if this scenario comes about because someone grabs you and the flash drive, but not your computer, there could be dire consequences to not being able to decrypt the drive. Particularly if the people holding you don't believe you when you say you can't decrypt it.


That's part of the point. Were I to be carrying a flash drive, for instance, and be required to provide a passphrase, I need to be able to provide it *and* a cogent, truthful, and believable explanation of why it doesn't work and there's *nothing I can do* to make it work short of returning home and retrieving my computer. There are many situations nowadays where people can be coerced into giving up their passphrases. In the US, this can happen at the border. In other countries, every move you make is under some sort of surveillance, often covert, and getting information in and out can be problematic.

What I would like to be able to do is go to a remote site, acquire/select data for my personal access and use at my office, encrypt it using a public key, and then not be able to decrypt it until I got back to my office and put it in *my* computer.

RSA crypto can do this with only your public key traveling.

You encrypt the data with a random AES key. You encrypt your key with your RSA public key. Only when you get back home where your private key lives, can you decrypt it.

In fact, most email programs that support S/MIME can do this.

Set up an account foo@xxxxxxx with an email client that supports S/MIME. Import your public key from your home email into it. Encrypt your document to your home email account with your home email public key. You have no way of decrypting it until you get home to the computer where your private key lives.

All standard stuff.  Just need the right email accounts and software.

You will probably need a cert for the foo@xxxxxxx account, but that will only be used to sign the source of the email, not encrypt it.




The personal danger really isn't all that great, as long as you stay out of Islamic countries, and go around with an escort (the latter being the key). In doing this for 30 years -- for the US military, for a state police agency, as an academic, and for the occasional NGO, I've only been directly and realistically threatened with death three times (not including the general threat of being in an active theater). All three were in the US, two involving gangs and one involving a distraught parent who accused us of covering up the murder of his daughter and decided to even things out with a shotgun.

Frankly, it's more dangerous to be a lawyer for some of these people. I remember a case some years ago where I testified about an execution-style murder. I didn't know anything about the case, really. When I got into the courtroom and got on the stand, I was a bit surprised. There were four defendants, and they looked like something out of central casting for a low budget action flick. They had tattoos all over their faces with "MS13" on their foreheads and necks, fu-manchu mustaches, shaved heads and mohawks, etc.

After I got through testifying, I was excused and the judge ordered a recess. I walked out of the court to the elevator along with a man who had been in the court who I didn't know, but seemed to be involved in the case. I turned to him and asked, "Hey, that's quite a cast in there. Do you know the story? What did these guys do?"

He replied "Well, it's our position they did nothing at all, but between you and me, I'm scared shitless. These are the kind of people who kill you if they don't think you did a good job for them. And the evidence is pretty clear. They are going to be convicted."

"Heh.  I gather you're on the defense team, then."

"Yes, God help me."

Happily, my interest in the case stops the minute I walk out the door. I don't know who they were or how the case turned out.

Interestingly, from a forensic medicine practice perspective, most people are happy for you to just do your job and move on. I once talked to a forensic pathologist from the Soviet Union back in the day and asked him how he could practice in a country where they played with the truth so much. Did he get a lot of pressure to change his findings? He laughed and said not at all. The Kremlin wanted to know the truth, and he was free to tell it to them no matter how unpleasant it was. He was one of the few people in Moscow who didn't have to censor what he told people in the Kremlin. He just couldn't tell anybody else.



billo


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
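
The scheme described in the reply above (a random AES key for the data, the RSA public key for that AES key), as an added example that is not part of the original thread. The function names, file names and the choice of the openssl command line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: hybrid encryption where only the public key travels.
set -eu

# HOME, before the trip: create the key pair in directory $1.
# home.key.pem never leaves the office; home.pub.pem is what you carry.
make_home_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
      -out "$1/home.key.pem" 2>/dev/null
  openssl pkey -in "$1/home.key.pem" -pubout -out "$1/home.pub.pem"
}

# FIELD: $1 = public key, $2 = plaintext file, $3 = output prefix.
# Writes $3.enc (AES-encrypted data) and $3.key.enc (RSA-wrapped secret).
seal_in_field() {
  seal_sk=$(openssl rand -hex 32)        # one-time secret, never written to disk
  SK="$seal_sk" openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:SK \
      -in "$2" -out "$3.enc"
  printf '%s' "$seal_sk" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
      -pkeyopt rsa_padding_mode:oaep -out "$3.key.enc"
  unset seal_sk                          # after this, the field side cannot decrypt
}

# HOME, after the trip: $1 = private key, $2 = prefix, $3 = recovered file.
open_at_home() {
  open_sk=$(openssl pkeyutl -decrypt -inkey "$1" \
      -pkeyopt rsa_padding_mode:oaep -in "$2.key.enc")
  SK="$open_sk" openssl enc -d -aes-256-cbc -pbkdf2 -pass env:SK \
      -in "$2.enc" -out "$3"
  unset open_sk
}

# What someone holding only the flash drive and the public key can do:
# the unwrap step needs the private key, so this returns non-zero.
try_open_with_public_only() {
  openssl pkeyutl -decrypt -pubin -inkey "$1" \
      -pkeyopt rsa_padding_mode:oaep -in "$2.key.enc" >/dev/null 2>&1
}
```

AES-CBC as used here protects confidentiality only and does not detect tampering; `gpg --encrypt` to your own public key or an S/MIME client applies the same hybrid construction in a vetted message format. The original plaintext still has to be removed from the travelling machine, which this sketch does not handle.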



