(More) Specifics:

  • Undoing the protection should include filling in a password.
  • The password should be different from the one used with sudo or any other passwords that are used for acquiring elevated privileges.

All (possible) solutions and suggestions are welcome! Thanks in advance!

Edit: Perhaps additional specifications:

  • With 'displace‘, I mean anything involving that resembles the result of mv, cp (move, cut, copy) or whatsoever. The files should remain in their previously assigned locations/places and should not be able to ‘pop up’ anywhere.
  • I require for the files to be unreadable.
  • I don’t care if it’s modifiable or not.
  • I don’t require this for my whole system! Only for a specific set of files.
  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    4
    ·
    4 months ago

    Then, what prevents whosoever, to copy that file through cloning the complete disk?

    Nothing. At most, you can have a hardware encrypted drive that won’t permit access to the encrypted data without a password, but the file will remain available after unlocking that. Plus, dedicated people (law enforcement, data recovery specialists) may be able to get access to the flash chip itself unless you buy one that self destruct on any tampering attempts (and even those have flaws).

    You cannot prevent copying of data if that data is readable at disk level. At most, you can make the data useless by padding a layer of encryption (as well-encrypted data may as well be random data without the key material). That’s why everyone is going for encryption: encrypted files may as well be inaccessible to anyone who doesn’t know the passphrase. There’s no sense in copying a file which you cannot possibly read any bytes from.

    If the key is gone (i.e. the real key is a password protected file that gets overwritten so even the password doesn’t work anymore), the file becomes irretrievable. This is sometimes called “cryptographic erase” in the context of disks. There are variations of this, for instance, storing the key in the computer’s processor (fTPM) behind a password, and clearing that key out. There’s no way to get the key out of the fTPM so it cannot be backed up. Even if someone were to guess your password, the file will forever remain locked. Or at least until someone manages to break all cryptography, but even quantum computers don’t know how to do that part yet.

    If you’re willing to go deep, you could reprogram the firmware on your SSD/HDD to refuse reading the file. A few years back, someone made a proof of concept firmware that detected disk imaging attempts (because all blocks on the disk were read in order) and had the firmware return garbage while secretly wiping the disk when this detection triggered. You could, in theory, write firmware that refuses to read that block of data. However, if whoever you’re hiding this file from know about that, they can take out the platter/memory chips and dump them directly, bypassing your firmware entirely.