Remote encrypted printing


#1

I have an idea out of a problem. A 3D creator who sells his 3D creations has to print and send his work. Now I would like to buy something from him. I do own a printer myself of course and he could print the object on my printer. The problem is, he does not want to share his STL which he spent months of work designing. So my feature request would be that the seller can access my printer with my permission and print the object without me as the printer owner having access to his print file. Or better for security reasons to put an encrypted object into OctoPrint that OctoPrint will allow me to print once and delete. The owner could even not have access to the printer at all but send me an encrypted file that can be printed once and self-destruct :slight_smile:
Would something like that be possible?

kind regards
roads


#2

Don't think this is doable, certainly not without modifications to the firmware. Thing is, even if there were a "secure connection" between the designer's file and OctoPrint, the serial protocol is still plain text, there's nothing stopping you from listening to the wire and dumping the gcode from there. It of course wouldn't give you access to the STL itself.

With regards to putting an encrypted object onto your OctoPrint instance, thing is, the file would need to be decrypted at one point, which means a key needs to be present. Considering the owner of the OctoPrint instance has hardware access, and an rpi is not a secure device, it's not a realistic possibility. At best it would be security by obscurity.

Certainly an interesting idea, but there are a lot of technical problems that would need to be overcome to accomplish something like that.


#3

That’s what I feared. Thanks for elaborating.


#4

I recently saw a demonstration at a trade show of this - custom OctoPrint responsible for decrypting DRM'd files sent to it, then sending it on to the printer. My pointed question as to how that second plain text communication channel was secured against sniffing and hence extraction of the content was met with awkward silence, followed by a nervous "Oh, I'm sorry, that's not my expertise." So... :woman_shrugging:


#5

This is basically digital rights management (DRM). Rather than giving up the rights to your printer, in theory, you'd be more interested in controlling the file:

  • only print one time
  • only print on the selected printer
  • anyone else trying this (or the second attempt even on the selected printer) would result in garbage

I wrote something to slice for a particular printer, then to encrypt the extrusion amounts using the printer's wi-fi MAC address as the seed. A process downstream then needs to use the printer's MAC address to decrypt the extrusion amounts but only runs if the print count hasn't been exceeded.

It's certainly doable but it's a bit too complicated for the end-user for the installation, to be honest.
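
A sketch of the scheme described in #5, as an added example that is not the poster's code: the extrusion (E) values are masked with a keystream derived from the printer's MAC address, and the downstream step refuses to run once the print count is used up. The `E#` hex encoding, the SHA-256/HMAC keystream, the `state` counter and the sample G-code are all assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import re

SCALE = 100_000  # extrusion stored as integer units of 1e-5 mm
PLAIN_E = re.compile(r"\bE(-?\d+(?:\.\d+)?)")
MASKED_E = re.compile(r"E#([0-9a-f]{8})")  # hypothetical on-disk form
# Constructed sample G-code, including one retraction (negative E).
SAMPLE = ("G1 X10.0 Y10.0 E0.50000\n"
          "G1 X20.0 Y10.0 E1.25000\n"
          "G1 E-0.80000 F2400\n"
          "G1 X20.0 Y20.0 E2.00000\n")

def key_from_mac(mac: str) -> bytes:
    """Derive a 32-byte key from the MAC address (the 'seed' in the post)."""
    normalized = mac.lower().replace("-", ":").encode()
    return hashlib.sha256(b"gcode-e-mask-v1|" + normalized).digest()

def _mask(key: bytes, index: int) -> int:
    """32-bit keystream word for the index-th E value in the file."""
    block = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(block[:4], "big")

def encrypt_gcode(gcode: str, mac: str) -> str:
    """Slicer side: replace every E value with its masked form."""
    key, counter = key_from_mac(mac), itertools.count()
    def repl(m):
        units = round(float(m.group(1)) * SCALE) & 0xFFFFFFFF
        return f"E#{units ^ _mask(key, next(counter)):08x}"
    return PLAIN_E.sub(repl, gcode)

def decrypt_gcode(blob: str, mac: str, state: dict, max_prints: int = 1) -> str:
    """Printer side: unmask with this printer's MAC, enforcing the print count.
    `state` is a hypothetical persistent counter store."""
    if state.get("prints", 0) >= max_prints:
        raise PermissionError("print count exceeded")
    key, counter = key_from_mac(mac), itertools.count()
    def repl(m):
        units = int(m.group(1), 16) ^ _mask(key, next(counter))
        if units >= 2**31:  # restore sign of retractions
            units -= 2**32
        return f"E{units / SCALE:.5f}"
    state["prints"] = state.get("prints", 0) + 1
    return MASKED_E.sub(repl, blob)
```

With the wrong MAC address the file still parses but the extrusion amounts are garbage, which is the behaviour #5 lists. The MAC address is visible on the local network and the counter lives on hardware the printer's owner controls, so the sketch binds a file to a printer under the same limits #2 describes.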