How can I protect sensitive information?

[fandres]

Hi Everyone, I've tried to implement MQTT and TLS (self-signed Certificates) on board ESP8266 with micropython version 1.9.3 and I have not succeeded; in the MQTT protocol there is the possibility of using authentication by username and password, but I was wondering how to make this more secure since hosting it in a code or in a text file is not very secure.

Do you have any idea how to protect this sensitive information? Is it possible to encrypt files? Do you use GPG keys?

Thank you

[flynnguy]

Personally, I use ujson and store things in a 'secrets.json' file that looks something like:

Code: Select all

{
  "mqtt": {
    "host": "example.com",
    "pass": "your_pass",
    "prefix": "prefix",
    "user": "username"
  }
}

And then in code:

Code: Select all

import ujson
import ubinascii
import machine
from umqtt.simple import MQTTClient

with open('secrets.json') as fp:
    secrets = ujson.loads(fp.read())

client = MQTTClient(
    client_id='esp8266_{}'.format(
        str(ubinascii.hexlify(machine.unique_id()), 'utf-8'),
    ),
    server=secrets['mqtt']['host'],
    user=secrets['mqtt']['user'],
    password=secrets['mqtt']['pass'],
)
client.connect()

I then add the secrets.json file to my .gitignore. This helps protect secrets from people who have access to your repo. However, if someone has access to the secrets file (either via physical access to the board or to your computer where you store it) you are out of luck.

[SpotlightKid]

You could put the configuration in a Python module file and add that to the frozen modules. Then someone trying to get at it would need to read out the RAM or the flash memory of your board, which makes this a bit more inconvenient but will not detract determined attackers. Also it makes it difficult to change the password on-the-fly.

[fandres]

Hi flynnguy ,
I am currently working that way. I have a config.py file. I'm worried about physical access, because the passwords are saved in that file. For development it's fine but no more than that.
:/

[fandres]

Hi SpotlightKid,
That's the option I like the most, but the problem is the firmware update. It is still the best option but I would like to encrypt the file system or some other option that allows to update the firmware, mainly for flexibility, since they are several devices.

[on4aa]

The confidentiality of your application code might actually also be at risk by virtue of the firmware and certain libraries.

I am absolutely not saying that this is happening, but just to put an example: closed source firmware could be leaking your application code to an off-site server as soon as WLAN connectivity is established. Without the source code, it is hard to tell it is not (but not impossible). Sticking to official MicroPython ports with proper licensing might be the safest option here, at the expense of missing out on certain features.

On the other, this makes it not any different from closed-source Microsoft Windows which is leaking WLAN passwords and all kinds of stuff about its users without their prior consent. This is why I prefer to use GNU/Linux operating systems.

What definitely is breaching the confidentiality of your application code, is the m5cloud MicroPython module. It effectively loads your application code to the M5Stack cloud server, supposedly for your programming convenience. According to M5Stack, deleting import wifisetup and import m5cloud from boot.py would stop it from doing so. What bothers me most, is that M5Stack does not warn its customers upfront about this.

[on4aa]

This discussion is related to the following loboris MicroPython for ESP32 issue.

[tuupola]

It effectively loads your application code to the M5Stack cloud server, supposedly for your programming convenience.

How did you expect it to work? If the code editor is in the cloud obviously the code needs to be in the cloud too.

Or is the problem that the M5Stack version of MicroPython firmware uploads the code stored in flash to the cloud without user consent even if you are not using the cloud editor to edit the code?

[on4aa]

Or is the problem that the M5Stack version of MicroPython firmware uploads the code stored in flash to the cloud without user consent even if you are not using the cloud editor to edit the code?

Exactly.

[tuupola]

Or is the problem that the M5Stack version of MicroPython firmware uploads the code stored in flash to the cloud without user consent even if you are not using the cloud editor to edit the code?

Exactly.

Uh, that does not sound good. I will install their firmware to peek around what is happening. In the meanwhile you could just install Loboris fork. It is what M5Stack is also using with couple of extra libraries.