I decided to use my new Raspberry Pi 3 as (amongst other things) a web server for a household wiki, where we’ll keep useful information: things like home, motor, and travel insurance details, utility accounts and contact information, and all the hundreds of other things that one or both of us may need to check at some point.
Very handy, but of course there are some major security concerns. The wiki’s contents would be a treasure-trove for identity theft. Here’s how I set everything up.
First, the machine itself. The Pi is on the local network only; it’s not externally accessible, nor does the machine have any access to other devices on our network. The user account has a strong password, VNC is disabled, and the Pi doesn’t log into any account at boot time. I have keyless SSH access from my (FileVault-enabled, password-protected) MacBook for convenience. The Pi’s swap is encrypted.
The wiki (which is MoinMoin, with the memodump theme - here’s how to set it up on a Pi) is served by nginx. The wiki itself is behind per-user authentication so any houseguests on our wifi can’t access it, and it’s backed up daily from a local machine (i.e. the backups are pulled over; as I said, the Pi cannot access any other devices itself).
The big risk, of course, is the wiki’s data. Anyone could remove the microSD card from the Pi, or just put the whole machine in their pocket. Thus, the wiki is on an encrypted volume which doesn’t (and can’t) automatically mount on boot. The relevant key to unlock the wiki’s volume naturally isn’t present on the Pi: either my wife or I have to decrypt the wiki each time we reboot the Pi – which will be a very rare occurrence.
To make this process as painless as possible, each of us carries a tiny USB decryption key, which is a normal flash drive with the key present on it. The devices are always with us on our physical keychains. The Pi listens for the insertion of USB devices, mounts them automatically, and looks for a key. If the wiki volume is encrypted, it attempts to decrypt using the key. This happens any time a device is attached, or upon boot if a device is already inserted. The auto-mounting and on-mount hooks are provided by usbmount, and the handler is my own, written in Python.
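A sketch of the kind of mount hook described above, as an added example rather than the author's own handler: usbmount runs it from /etc/usbmount/mount.d/ with UM_MOUNTPOINT set, and it unlocks the volume only when the inserted drive carries a plausible key file. It assumes a LUKS volume opened with cryptsetup; the key file name, device path, mapper name and mount point are hypothetical.

```python
#!/usr/bin/env python3
import os
import stat
import subprocess
import sys

# All names below are assumptions for this sketch, not values from the post.
KEY_NAME = "wiki.key"                 # key file expected in the drive's root
LUKS_DEVICE = "/dev/mmcblk0p3"        # partition holding the encrypted volume
MAPPER_NAME = "wiki"                  # appears as /dev/mapper/wiki once open
WIKI_MOUNT = "/srv/wiki"
MAX_KEY_BYTES = 8192


def find_key(mountpoint):
    """Return the key path if the drive holds a plausible key file, else None."""
    path = os.path.join(mountpoint, KEY_NAME)
    try:
        info = os.lstat(path)         # lstat: never follow a symlink off the drive
    except OSError:
        return None
    if not stat.S_ISREG(info.st_mode) or not 0 < info.st_size <= MAX_KEY_BYTES:
        return None
    return path


def unlock_command(mountpoint, already_open):
    """Build the cryptsetup argv, or None when there is nothing to do."""
    key = find_key(mountpoint)
    if already_open or key is None:
        return None
    # The key is passed as a file, so it never shows up in the process list.
    return ["cryptsetup", "open", "--key-file", key, LUKS_DEVICE, MAPPER_NAME]


def main():
    mountpoint = os.environ.get("UM_MOUNTPOINT")   # exported by usbmount to hooks
    if not mountpoint:
        return 1
    is_open = os.path.exists("/dev/mapper/" + MAPPER_NAME)
    cmd = unlock_command(mountpoint, is_open)
    if cmd is None:
        return 0
    if subprocess.run(cmd).returncode != 0:        # wrong key or damaged header
        return 1
    return subprocess.run(["mount", "/dev/mapper/" + MAPPER_NAME, WIKI_MOUNT]).returncode


if __name__ == "__main__":
    sys.exit(main())
```

Because any inserted drive gets mounted and inspected, the hook treats its contents as untrusted: it accepts only a regular file of bounded size and builds the command as an argument list, never through a shell.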
The decryption keys are marked with green labels. There’s also a red-labelled kill-key which will destroy the wiki volume when inserted, but I see little reason to keep that with me; it was more of a thriller-novel kind of cool idea I wanted to play with. It does indeed work – and of course I’ll still have my backups, stored elsewhere remotely in the cloud, and encrypted with my own different key.
Here’s a quick (26 seconds) YouTube video of decryption, which is also embedded below.
(Note: the Pi doesn’t usually live beside my laptop; it’s just easier to make the video here. It’s normally hidden away elsewhere. Oh, and the nice “Not Available” display when the wiki’s volume is encrypted is just a custom 503 handler with nginx.)
As you can see, my Raspberry Pi has a Display-O-Tron HAT attached to it to provide feedback. I can also use a quick double-tap on the Display-O-Tron’s touch buttons to encrypt the wiki immediately at any time. And if either of us loses our decryption drive, I’ll re-encrypt the wiki with a different key, and issue new drives from my spares.
Necessary? Almost certainly not. But a fun little project. Now I just need to actually type all the boring household data into the wiki to make it useful.