On 11/27/2014 12:01 PM, Bill Oliver wrote:
On Thu, 27 Nov 2014, Robert Moskowitz wrote:
On 11/27/2014 11:34 AM, Bill Oliver wrote:
On Wed, 26 Nov 2014, Bruno Wolff III wrote:
> On Wed, Nov 26, 2014 at 20:47:25 +0000,
> Bill Oliver <vendor@xxxxxxxxxxxxx> wrote:
> > On Wed, 26 Nov 2014, Bill Oliver wrote:
> >
> > Actually, let me be more specific. Let's say I have data on a flash
> > drive that is encrypted using gpg. We can even say the flash drive
> > itself is encrypted.
> >
> > Now let's say that flash drive is stolen, lost, etc. *and* the
> > passphrase is compromised. I want the data on the flash drive to be
> > available *only on one computer* even if the passphrase is known.
>
> If you don't need to decrypt data in the field, you can use public key
> encryption. You won't be able to decrypt the data without the private
> key. (Which you wouldn't have with you or the flash drive.)
>
> TPMs provide a way to keep a secret on a computer that can't easily be
> extracted (otherwise you could supply the data in an emulated
> environment). I don't know if there is anything in Fedora for using say,
> luks with a TPM in a way that prevents the TPM info from being sniffed
> in a similar manner to how your passphrase is compromised. There has
> been some work with using TPMs with luks, but I don't know how the
> process works.
>
> Note, that if this scenario comes about because someone grabs you and
> the flash drive, but not your computer, there could be dire consequences
> to not being able to decrypt the drive. Particularly if the people
> holding don't believe you, when you say you can't decrypt it.
>
That's part of the point. Were I to be carrying a flash drive, for
instance, and be required to provide a passphrase, I need to be able to
provide it *and* a cogent, truthful, and believable explanation of why it
doesn't work and there's *nothing I can do* to make it work short of
returning home and retrieving my computer. There are many situations
nowadays where people can be coerced into giving up their passphrases. In
the US, this can happen at the border. In other countries, every move you
make is under some sort of surveillance, often covert, and getting
information in and out can be problematic.

What I would like to be able to do is go to a remote site, acquire/select
data for my personal access and use at my office, encrypt it using a
public key, and then not be able to decrypt it until I got back to my
office and put it in *my* computer.

RSA crypto can do this with only your public key traveling.

You encrypt the data with a random AES key. You encrypt your key
with your RSA public key. Only when you get back home where your
private key lives, can you decrypt it.

In fact, most email programs that support S/MIME can do this.

Set up an account foo@xxxxxxx with an email client that supports
S/MIME. Import your public key from your home email into it. Encrypt
your document to your home email account with your home email public
key. You have no way of decrypting it until you get home to the
computer where your private key lives.

All standard stuff. Just need the right email accounts and software.
You will probably need a cert for the foo@xxxxxxx account, but that
will only be used to sign the source of the email, not encrypt it.

Thanks. I'll read up on that.

I should point out that you can even do it with PGP. Again create a PGP
key on your home computer. Take the published PGPcert with you. Have a
PGPcert with private key along with you for only signing. Encrypt file
to your home PGP ID. Again standard operations. In both cases only
your home PC can decrypt.

The advantage of S/MIME and X.509, is you can get an X.509 dongle that
contains both your private home key and the decrypting code. You keep
this separate from your home system. Only when you plug this dongle
into your home computer can you decrypt anything sent to that ID.
Again, rather standard stuff.

RSA 2015 is the week of Apr 20 in San Fran. If you get a visitor's pass
to the show floor, you will see a lot of this stuff.
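
The flow described in this thread (a random AES key for the data, wrapped with the home RSA public key, in the CMS format that S/MIME uses), as an added example that is not part of the original messages. It assumes the `openssl` command-line tool is installed; the file names, the `home` and `travel` identities and the self-signed certificates are constructed stand-ins.

```shell
#!/bin/sh
# Constructed demo: throwaway keys and sample data in a temp directory.

# RSA key plus self-signed certificate, standing in for a real S/MIME cert.
make_identity() {  # $1 = file prefix, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Field side: only the recipient certificate (public key) is needed.
# CMS generates a random AES-256 key for the data and wraps it with RSA-OAEP.
encrypt_to() {  # $1 = recipient cert, $2 = plaintext file, $3 = output file
    openssl cms -encrypt -binary -aes256 -outform DER \
        -recip "$1" -keyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Succeeds only with the certificate and private key of a message recipient.
decrypt_with() {  # $1 = cert, $2 = private key, $3 = ciphertext, $4 = output
    openssl cms -decrypt -binary -inform DER \
        -recip "$1" -inkey "$2" -in "$3" -out "$4" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_identity "$d/home" home || return 1      # home.key never leaves the office
    make_identity "$d/travel" travel || return 1  # signing-only identity carried along
    printf 'constructed sample data\n' > "$d/notes.txt"
    encrypt_to "$d/home.crt" "$d/notes.txt" "$d/notes.cms" || return 1
    # What the traveler holds cannot open the file...
    if decrypt_with "$d/travel.crt" "$d/travel.key" "$d/notes.cms" "$d/bad"; then
        return 1
    fi
    # ...the home private key can.
    decrypt_with "$d/home.crt" "$d/home.key" "$d/notes.cms" "$d/out" || return 1
    cmp -s "$d/notes.txt" "$d/out"
}

demo && echo "round trip OK only with the home key"
```

The AES-CBC envelope produced here gives confidentiality only; integrity comes from signing the message, which is the role of the separate signing identity mentioned above.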