Somewhat OT, encryption question

Robert Moskowitz rgm at htt-consult.com
Thu Nov 27 18:18:23 UTC 2014


On 11/27/2014 12:01 PM, Bill Oliver wrote:
> On Thu, 27 Nov 2014, Robert Moskowitz wrote:
>
>>
>> On 11/27/2014 11:34 AM, Bill Oliver wrote:
>>>  On Wed, 26 Nov 2014, Bruno Wolff III wrote:
>>>
>>> >  On Wed, Nov 26, 2014 at 20:47:25 +0000,
>>> >   Bill Oliver <vendor at billoblog.com> wrote:
>>> > >  On Wed, 26 Nov 2014, Bill Oliver wrote:
>>> > > >  Actually, let me be more specific.  Let's say I have data on a
>>> > > >  flash drive that is encrypted using gpg.  We can even say the
>>> > > >  flash drive itself is encrypted.
>>> > > >
>>> > > >  Now let's say that flash drive is stolen, lost, etc. *and* the
>>> > > >  passphrase is compromised.  I want the data on the flash drive
>>> > > >  to be available *only on one computer* even if the passphrase is
>>> > > >  known.
>>> >
>>> >  If you don't need to decrypt data in the field, you can use public
>>> >  key encryption. You won't be able to decrypt the data without the
>>> >  private key. (Which you wouldn't have with you or the flash drive.)
>>> >
>>> >  TPMs provide a way to keep a secret on a computer that can't easily
>>> >  be extracted (otherwise you could supply the data in an emulated
>>> >  environment). I don't know if there is anything in Fedora for using,
>>> >  say, luks with a TPM in a way that prevents the TPM info from being
>>> >  sniffed in a similar manner to how your passphrase is compromised.
>>> >  There has been some work with using TPMs with luks, but I don't know
>>> >  how the process works.
>>> >
>>> >  Note that if this scenario comes about because someone grabs you
>>> >  and the flash drive, but not your computer, there could be dire
>>> >  consequences to not being able to decrypt the drive.  Particularly
>>> >  if the people holding you don't believe you when you say you can't
>>> >  decrypt it.
>>> >
>>>  That's part of the point.  Were I to be carrying a flash drive, for
>>>  instance, and be required to provide a passphrase, I need to be able
>>>  to provide it *and* a cogent, truthful, and believable explanation of
>>>  why it doesn't work and there's *nothing I can do* to make it work
>>>  short of returning home and retrieving my computer.  There are many
>>>  situations nowadays where people can be coerced into giving up their
>>>  passphrases.  In the US, this can happen at the border.  In other
>>>  countries, every move you make is under some sort of surveillance,
>>>  often covert, and getting information in and out can be problematic.
>>>
>>>  What I would like to be able to do is go to a remote site,
>>>  acquire/select data for my personal access and use at my office,
>>>  encrypt it using a public key, and then not be able to decrypt it
>>>  until I got back to my office and put it in *my* computer.
>>
>> RSA crypto can do this with only your public key traveling.
>>
>> You encrypt the data with a random AES key.  You encrypt your key 
>> with your RSA public key.  Only when you get back home where your 
>> private key lives, can you decrypt it.
>>
>> In fact, most email programs that support S/MIME can do this.
>>
>> Set up an account foo at bar.com with an email client that supports 
>> S/MIME. Import your public key from your home email into it. Encrypt 
>> your document to your home email account with your home email public 
>> key.  You have no way of decrypting it until you get home to the 
>> computer where your private key lives.
>>
>> All standard stuff.  Just need the right email accounts and software.
>>
>> You will probably need a cert for the foo at bar.com account, but that 
>> will only be used to sign the source of the email, not encrypt it.
>>
>>
>>
>
> Thanks.  I'll read up on that.

I should point out that you can even do it with PGP.  Again, create a PGP 
key on your home computer.  Take the published PGP cert with you.  Have a 
PGP cert with private key along with you for signing only.  Encrypt the 
file to your home PGP ID.  Again, standard operations.  In both cases only 
your home PC can decrypt.

The advantage of S/MIME and X.509 is that you can get an X.509 dongle that 
contains both your private home key and the decrypting code.  You keep 
this separate from your home system.  Only when you plug this dongle 
into your home computer can you decrypt anything sent to that ID.  
Again, rather standard stuff.

RSA 2015 is the week of Apr 20 in San Fran.  If you get a visitor's pass 
to the show floor, you will see a lot of this stuff.
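The hybrid construction Robert describes (encrypt the data with a random AES key, wrap that AES key with the home RSA public key, and only the home private key can unwrap it) is what gpg and S/MIME do internally. The following is an added example, not code from this thread or from gpg/S/MIME, written in Go against the standard library only. The Envelope layout, the function names, and the "field notes" sample input are this example's own choices and assumptions; the real tools use their own packet formats. What it shows that the prose does not: with only the public key, the traveller can seal data but has no way to open it; a different private key fails at the OAEP unwrap step rather than yielding garbage; and a modified envelope fails GCM authentication.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// Envelope is what would sit on the flash drive: the data under a random
// AES key, and that AES key wrapped to the home RSA public key. Nothing in
// it can be opened with the public key or a passphrase alone.
// (Layout is this example's own; gpg and S/MIME use their own formats.)
type Envelope struct {
	WrappedKey []byte // AES key encrypted with RSA-OAEP to the home public key
	Nonce      []byte // AES-GCM nonce, random per envelope
	Ciphertext []byte // AES-GCM output, authentication tag appended
}

// NewHomeKey generates the RSA key pair. The private half stays on the
// home computer (or the dongle); only the public half travels.
func NewHomeKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal encrypts plaintext in the field with only the public key at hand:
// fresh random AES-256 key for the bulk data, then that key wrapped with
// RSA-OAEP. The plaintext AES key is zeroed afterwards, so the only copy
// that leaves this function is the wrapped one.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	defer wipe(key)
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// Open is the step only the home computer can perform: unwrap the AES key
// with the private key, then decrypt and authenticate the data. A wrong
// private key fails at the OAEP step (rsa.ErrDecryption); a tampered
// envelope fails the GCM tag check. Neither case returns any plaintext.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap AES key: %w", err)
	}
	defer wipe(key)
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wipe overwrites key material once it is no longer needed.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	home, err := NewHomeKey() // generated at home; private half never travels
	if err != nil {
		log.Fatal(err)
	}
	// In the field: only &home.PublicKey and the envelope exist.
	env, err := Seal(&home.PublicKey, []byte("field notes (constructed sample)"))
	if err != nil {
		log.Fatal(err)
	}
	// Back home, with the private key:
	pt, err := Open(home, env)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("decrypted at home: %q\n", pt)
	// Anyone holding the drive plus some other key gets an error, not data.
	other, _ := NewHomeKey()
	if _, err := Open(other, env); err != nil {
		fmt.Println("other private key:", err)
	}
}
```

One practical caveat the thread touches on: the traveller's machine holds the plaintext while Seal runs, so the scheme protects the drive in transit, not the laptop used to create it. Keeping the private key on the dongle, as Robert suggests, means Open can only ever succeed where the dongle is plugged in.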


