So, I’ve had a bit of a stupid idea for my next programming project, which would be implementing a Microsoft Recall alternative for Linux where the data is encrypted. I’ve now written a bit of code and have come to the point where I’d need to encrypt the files. My plan was to use asymmetric encryption where the secret key is again encrypted using something like AES and the user needs to decrypt the private key to view the screenshots taken / data extracted from the screenshots.

I have now learned that asymmetric encryption is very slow and it’s generally not designed to encrypt large chunks of data, so I’m not sure how to continue. Do you think asymmetric encryption is feasible for this? Any idea how else to do the encryption? Ideally I would like for the server that takes the screenshots to not have a key that can decrypt the files since that wouldn’t be as secure.

  • trolololol@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    7 months ago

    I disagree, I’m with OP. screenshots contain (previously) temporary information from all sorts, such as a private meeting between 2 parties with confidencial, eyes only, data. And for going towards extreme privacy end of spectrum, proving you know someone is already a red flag.

    If someone has a trojan running with access to the disk, yes it’s a big deal. But it’s still worth limiting the extent of it by putting extra protection in the things such this. A hacker can have the screenshot files but won’t be able to do anything with it.

    • Daxtron2@startrek.website
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      Unless you’re constantly running a secure overwrite of your free disk space, ram and CPU caches, no data is truly temporary. There is always a possibility for recovery by a skilled enough adversary.

      • verstra
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        Well yea that’s the point: unencrypted recall database would make this sooo much easier.