0

I've written a script that clones new files from a remote server to my raspberry pi. The script automatically runs a couple of times a day and reads the login information for the server from a YAML configuration file. For security reasons, I want to encrypt the YAML file so that nobody form outside (internet) or inside (my roommates) can read the file and steal the login information without permission. So far, I've come up with a script that uses PyCrypto for AES encryption and decryption.

I don't get how to securely hide the key (used to encrypt and decrypt) the YAML config. Can somebody recommend a good strategy? The script needs to have access each time it is scheduled to run, in order to get the login information. Providing the key manually is thus not very handy.

St4rb0y
  • 317
  • 3
  • 5
  • 22
  • I don't think there is any way to prevent a local attack if they have access to the device, depending on how far you are willing to go, you can run the pi on separate partitions, with the main partition being encrypted, and have a password on the bootloader, of course you would have to put in a password at boot... – Grady Player Aug 25 '16 at 15:53
  • Thanks you, for your answer. – St4rb0y Aug 27 '16 at 13:18

0 Answers0