Little bit off-topic question for HN: is there any encrypted Linux filesystem which can be mounted in write-only mode using only the public key, and read-write mode using the private/public key-pair?
I think that kind of filesystems would be very useful for dashcams and security cameras owners for their privacy.
Create an ephemeral key for a symmetric encryption in advance, encrypt this ephemeral key with the public-key method of your choice and store somewhere. Then encrypt one minute of recording using this ephemeral key. I don't know if gnupg is performing good enough on all architectures, but in principle it can handle everything in one go, and it works exactly as described just above.
~ dd if=/dev/zero bs=1M count=50 | gpg -e -r 0x6AC3E4EC >encrypted.dat
50+0 records in
50+0 records out
52428800 bytes (52 MB, 50 MiB) copied, 0.486881 s, 108 MB/s
(Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz)
$ dd if=/dev/urandom bs=1M | \
split -b5000000 -d -a4 --verbose \
--filter="gpg -e -r 0x6AC3E4EC >\$FILE" \
- recording_
executing with FILE=recording_0000
executing with FILE=recording_0001
executing with FILE=recording_0002
(...)
• -d decimal suffixes (0001, ... else aa..az..zz)
• -a4 : suffixes of length 4 (0000)
• --filter="" : filter through pgp, intended output file is in variable $FILE
• - : read stdin
• recording_ : prefix output files with this string
$ file *recor*
recording_0000: PGP RSA encrypted session key - keyid: 8F74FAFF 29C8C7C2 RSA (Encrypt or Sign) 2048b .
recording_0001: PGP RSA encrypted session key - keyid: 8F74FAFF 29C8C7C2 RSA (Encrypt or Sign) 2048b .
recording_0002: PGP RSA encrypted session key - keyid: 8F74FAFF 29C8C7C2 RSA (Encrypt or Sign) 2048b .
(....)I'm thinking of an EncFS type stackable solution (as suggested by @robryk) based on FUSE because you could copy the encrypted files from the upper level filesystem when needed (without remounting the lower level filesystem in read-write mode) and examine them on an air-gapped computer which holds the private key.
The disadvantage of this type of stacked solution is that it wouldn't be possible to implement plausible deniability.
OTOH, on the file contents level this seems very much doable. Sadly, I am unaware of any general purpose implementation of such a thing (encfs doesn't do anything of this kind).
This seems like a good start: https://www.stavros.io/posts/python-fuse-filesystem/
You can always also use a smartcard type device to sign your files. Then a reboot (power cycle) will revoke signing capability until unlocked again.
So, there's an analog loophole: in order to "write", the filesystem has to receive the data to be written - otherwise, it's untestable (if it doesn't get the data to be written it could write whatever it wants and pass all tests) which is a roundabout way of saying that if it doesn't get the data it can't possibly work. So it has to get the data. At that point it could be saved if the filesystem is modified (patched) to exfiltrate it. So we have to assume that you kind-of trust the filesystem not to be patched.
But if the filesystem is not modified, though, that means you're fine with the path that that data takes all the way until your filesystem writes it -- however, in this case your requirements are 100% met by encrypting to the public key and writing that out.
#jakobdabo's requirements
#include <pgp stuff>
#include <filesystem stuff>
public key = arg0
private key = arg1
read_file(filename){
if (have_private_key)
try decrypt(private_key, read(filenename))
return result
except "didn't work"
else
"I wasn't called with a private key."
}
write_file(filename, data)
towrite = encrypt(filename, data) //encrypted metada inside
try write towrite
except "didn't work"
I want to determine whether anyone is accessing a server at the moment.
Server is idling, with sockets listening to answer web queries.
Suddenly 5,000 Reddit users show up and look through the site, generating lots of logs which nginx dutifully saves - only you're saving it in your encrypted filesystem.
Now.
How would you make it so that the fact that all of this traffic is being saved is hidden? The updates to the drive image would have to happen like clockwork regardless of what was happening. But this isn't a reasonable requirement, as the amount of entropy entering the drive is bigger while Reddit is hugging it than normal. You couldn't make it so that you are saving as much information as at top load. so what do you do? Reduce the top average to some level that you can continuously fabricate?
It doesn't make sense.
So you wouldn't hide whether any data was being saved by the dash-cam at all. but it's easy to save an encrypted version. the dash cam doesn't even need the private key.
but you do have to trust the software running on it. (for example to correctly do the encryption and not also write the underlying data somehow.)
If you do run a dashcam I would suggest having one that does not record audio and only keeps the last 5-10min of footage on record because GL explaining to the cops why you have been driving like a jackass just before the accident even if it had nothing to do with it.
Or just don't drive like a jackass. It's a serious business, take it seriously.
I figure this happens with police dashcams and bodycams all the time.
If you destroy the contents of the card it doesn't look good, that fact can be brought up against you (tampering with a car that was involved in an accident especially one with casualties could potentially be a crime on it's own).
If you present only the snippets that support your case the other party will petition the court to for you to present the unedited video if you cannot the entire thing will most likely be thrown out (the other side might be able to present the fact that you have attempted to present an edited video and have discarded the raw footage which will likely not fair well with a jury).
Not to mention that having the video it self could put you at risk of perjury or being found in contempt if you try to do anything after the fact.
I bought two $15 Chinese dash cams. The same ones that are being peddled for 40 bucks plus S&H on t.v.
I bought the second one just in case the first one goes down.
I haven't been pulled over since.
How many times did you get pulled over before the cameras and over what time period? And how long have the cameras been installed?
All of these things become more clear once you realize they are primarily about sight-lines.
What does a dotted line mean in your country?
I switched though, because the only questions I'd get was of people using my commands on Raspbian and getting confused. I think the RPi audience is full of beginners that don't understand the difference between distro's and the kernel. Of course one should do as one pleases and Arch is the nicest distro if you known what you are doing, imho.
>I switched though, because the only questions I'd get was of people using my commands on Raspbian and getting confused.
Not to attack your blog but was everything that Arch specific?
There was some discussion about this on a pi board a while back; it seems that the only safe way to handle power-off is to (1) have a battery on the pi, and (2) catch the USB power-off signal and then shutdown gracefully.
At least, that's how the Chinese dash cams seem to work. They all have rudimentary batteries that last about one minute unplugged from the power outlet.
> For the automatic shutdown I have used a 12V programmable timer in combination with an optocoupler.
> When the car is powered the the timer gets triggered and is starting the power supply for the Raspberry pi, Dashcam pi will get started and will do its job. When the car is turned off the optocoupler triggers the GPIO pin of the raspberry and starts a shutdown. After 15 seconds the timer is shutting down and the raspberry pi is powerless.
1: http://pidashcam.blogspot.com/2016/03/cheap-solution-for-aut...
However, the rise of dash cams are better solution for video as they are much cheaper, easier to install and run, and video is much higher quality. The cheap $45 dashcam has 1080p with 30fps, no need to buy 12v relay timer and deal with other power issues. Also the video on dashcams outperform the webcam attached to the RPi due to RPi's slow USB2 (we're talking 15fps at best).
For more complete and capable product, I'd suggest using something with USB 3.0 port, or possibly a used laptop, which provides enough processing power to record multiple videos at higher quality, and at the same time, has built-in battery, provide power management (using serial port/other hack to handle automatic shutdown and WOL for reboot).
Note: A lot of the functionality of CarPC has been deprecated due to mobile device/phone/tablets, but it's still fun to have a PC running in a car.
Why? Because if a cop/other driver ever gets mad at you and forces you to hand over the flash drive, you still have a copy.
Also, I'd add two microphones to the project, one for exterior sound, one for interior (e.g. to prove what exactly has been said, or in case of a crash if other drivers have honked, or if an ambulance had its sirens on).
And, I wouldn't use a Pi, but rather something supporting SATA, because USB flash drives tend to have low lifecycles when constantly overwritten.
[1] http://www.fujitsu.com/us/products/devices/semiconductor/gdc... [2] http://www.fujitsu.com/us/products/devices/semiconductor/gdc...
http://o.aolcdn.com/hss/storage/midas/93697564cc7197a3e35979...
I guess it probably wouldnt work though as close objects would be obstructed.
