Re: creating a secret-carrying box
On 1/7/2013 9:00 PM, Roedy Green wrote:
> The closest thing I have found to what I want is a Kanguru AES
> Encrypted Flash drive. I key a password to open it. I can then fill
> it with secret files which are hardware-encrypted. Then I close it and
> nobody can read the files without the password.
> HOWEVER, when I take it to another machine, enter the password, it
> opens up, but TOO open. ANY app can read it, including spyware.
> I am curious about how you might design such a beast without that
> problem.
> It would be open, but only to one APP. That one app might have to
> jump through hoops to retrieve or change data.
> One idea I had was to put a little linux OS on the flash drive that
> talked HTTPS. It would be like a portable secure server. The app
> could pass through a password over HTTPS keyed in. All its
> communications would be encrypted.
> Another idea I had was to run the app inside the USB drive, and have
> it talk to a device driver that would display and accept keystrokes
> and mouse strokes for it.
> Another related idea was putting some private keys in inaccessible
> ROM, and a CPU that could encrypt/decrypt.

I believe the simplest way is to change from file system
level encryption to app encryption.
Now you have some data encrypted on disk, but when you enter the
password the file system automatically decrypts for all access,
both the desired app and other apps.
If it is a normal file system but with files encrypted and
decryption being done by the app decrypting, then other apps
cannot read the data directly.
There may still be some risk that they hook into the app
that knows how to decrypt.
Arne
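
The app-level encryption described in the reply above, as an added example that is not part of the original thread: the file system stores only ciphertext, and only the app holding the password can recover the data. Node.js, scrypt, AES-256-GCM, the file layout and all function names are assumptions chosen for this sketch.

```javascript
// Added example: app-level encryption, so the file system only ever holds ciphertext.
const crypto = require("crypto");
const fs = require("fs");
const os = require("os");
const path = require("path");

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;

// Derive a 256-bit key from the password; scrypt makes password guessing expensive.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// File layout (constructed for this example): salt | nonce | tag | ciphertext
function sealToFile(file, password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const nonce = crypto.randomBytes(NONCE_LEN);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  fs.writeFileSync(file, Buffer.concat([salt, nonce, cipher.getAuthTag(), body]), { mode: 0o600 });
}

// Returns the plaintext Buffer; throws if the password is wrong or the file was altered.
function openFromFile(file, password) {
  const blob = fs.readFileSync(file);
  if (blob.length < SALT_LEN + NONCE_LEN + TAG_LEN) throw new Error("file too short");
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(password, salt), nonce,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Compare what any other process sees on disk with what the app recovers.
function demo() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "box-")), "secret.bin");
  const secret = Buffer.from("constructed sample secret");
  sealToFile(file, "correct horse", secret);
  const rawView = fs.readFileSync(file);            // the view of any other app
  const appView = openFromFile(file, "correct horse");
  let wrongPasswordRejected = false;
  try { openFromFile(file, "guess"); } catch { wrongPasswordRejected = true; }
  return { leaked: rawView.includes(secret), recovered: appView.toString(), wrongPasswordRejected };
}
```

The key and the decrypted data still live in the app's process memory, which is the residual hooking risk the reply mentions.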