Encrypt files recording on ARM
Answered
Hello,
I need to know if it's possible to add a features, to encrypt files recording on a Raspberry.
We want to use Raspberry to build a Mobile Camera for a city, but is really not secure if all recording files on the SD CARD isn't encrypted....
Do you have any solution ?
Best regards,
Norman Tagir Gadelshin
-
Hi Jordan,
Did you also consider to use a file or block based encryption solution like luks?
See the docs of the package cryptsetup for more information related to this.The package should be available via the default APT repo`s
0 -
A Mobile Camera, need to boot alone without any password.
I need this, if a person steal the SD CARD on the RPI, and plug the SD CARD in other computer, he can't read any files recordings from NX0 -
Hi Jordan,
I haven't tried it on my RPI's,but since it's Linux I assume you can do a full disk encryption and pass the authentication via network address verification.
That being said; be aware that SD cards aren't reliable enough to use in a production systems to boot from and definitely not for data rotation. SD corruption is just a matter of time.
Therefore we state that the builds for ARM based SBC are for prototyping and experimental use only and should not be used in a production system without a script that uses a external HDD for booting and data retention.
At that moment, full disk encryption will be harder to implement.
In the future we will offer encryption for the data through our application.
0 -
Hi Norman,
Yes in Linux it's possible to do full disk encryption, but I don't find the right solution.
I think the best solution, it's to encrypt all data trough your application.
The Law in france for Mobile camera is :- If anyone steal the storage, he can't read the data in any media player and can't explore files from the storage.
In a CCTV center, is not a problem because it's a secure room and if no one can enter in this room. Only Police government.
But with a Mobile Camera, in a city it's a problem.
Raspberry & purple SD CARD is the best solution to build a compact Mobile Camera, all R&D it's finish, we have success to build this autonom mobile camera.
Last issues, is the encryption of data.
I hope you have any fast solution for me, because we have already many customers for this Mobile Camera.0 -
Jordan,
We have an "Archive Encryption" feature scheduled for the 4.3 release. Don't have any exact time estimates, but it is at least half a year from now.
0 -
Hi Jordan IUNCKER,
Although we will get full-disk encryption in 4.3, I'm not sure that it will work on the RPI due to the lack of the TPM module, but maybe our developers can apply some magic.
At this stage Network Bound Disk Encryption with the help of LUKS is the go-to method as Danny van den Berg mentioned. Here is nice step-by-step instruction about how to set up LUKS on the RPI.
0 -
Hi Norman,
Okey I try this solutions.
But, My mobile camera, has no connection.
Because I install it in a city and it is autonomous.
It has only wlan0 (wifi) activated, and the 4G connection.I don't really know how to do it?Because it checks at startup the ip of eth0 if I understood well?0 -
Hi Jordan,
The 4G connection is a connection.
Haven't tried it, but in theory this should work.0 -
Hi Norman,
Hey right, I know of course.
So you think, I can setup a tang server in a server at my office, and in my rpi I setup a local dhcp to set a ip to my 4G connection with (usb0) and when my RPI get an IP, he use the 4G connection to speak with my tang server at my office and decrypt itself ?Regards,
0 -
Hi Jordan IUNCKER,
That is the theory, but no promises.
0 -
Hi Norman,
Okey I understand, but I never setup any tang server, I don't know what is this ?
Can you explain me, please ?Regards,
0 -
Hi Jordan IUNCKER,
I can't help you with this. This is outside our scope of support and personally I never have set up LUKS before for my RPI before, so I should dig into it as well.
0
Please sign in to leave a comment.
Comments
12 comments