You are reading a single comment by @Eyzi and its replies.
Click here to read the full conversation.
-
Awesome. Thanks, @Gordon! Every device will be configured by the server/MQTT broker (in this case, an Rpi) where the encryption keys will be stored so they're not in the device itself.
I'll give the AES encryption a go. Though, I wonder if the device will run as is without needing to decrypt the data in it, if it doesn't have the key. For example, if I store an AES encrypted WiFi SSID and password via the Storage module, will it be able to read/use it?
Eyzi
E.setPasswordis definitely in there. You also have AES encryption, so you can write stuff to flash memory using something like theStoragemodule after it's encrypted.Of course if you encrypt it then to be safe you want to find a way of not storing the encryption key on the device itself :)
The JS code is on the device as you say, but you can minify it using an option in the Web IDE to make it more or less unreadable, and making sure you do the normal upload then
save()(not 'save on send') means that in flash memory your JS code is all over the place so it'll be extremely hard to reconstruct if someone were to try and read the contents of your memory.