
smartMINI/smartRAIL: Encryption of the log files

As of Yocto version 4.3.0 or DeviceManager version 20.19, the log files that can be requested by the cloud can be encrypted.

If encryption is activated, the TAR.GZ archives are encrypted symmetrically using AES-256-CBC with PBKDF2 key derivation. The encrypted files have the extension tar.gz.enc.

The open source software OpenSSL can be used for decryption. This is also available for Windows:

  • https://slproweb.com/products/Win32OpenSSL.html
  • https://slproweb.com/download/Win64OpenSSL_Light-3_0_8.msi

Under Linux, OpenSSL can be installed from the package sources of the distributions.

Note on implementation

When the log files are requested, the open log files are copied, supplemented with the output of various command-line programs and the configuration files, and stored in a temporary folder so that they can be compressed. In earlier versions, this temporary folder was stored on the SD card (and left there as a backup). The current version checks whether there is enough space on the eMMC for the temporary folder. (This should always be the case with Quad Core devices, as they have twice as much eMMC flash as the single core devices.) Depending on the available space, the log files may no longer end up on the SD card. After copying, the log files are compressed (and optionally encrypted). Unlike in older versions, the temporary folder is then deleted immediately for security reasons.

Switching on the encryption

SCPI command to DeviceManager: SYSTEM:LOGFILE:PASSWORD somepassword

Disable encryption (by deleting the password)

SCPI command to DeviceManager: SYSTEM:LOGFILE:PASSWORD

Decryption under Windows

"c:\Program Files\OpenSSL-Win64\bin\openssl.exe" aes-256-cbc -pbkdf2 -salt -d -in d:\Temp\20230209_091352-log_2023_02_09__09_13_47.tar.gz.enc -pass pass:somepassword -out d:\Temp\logfiles.tar.gz

The TAR.GZ file can then be unpacked normally ...

Decryption under Linux

openssl aes-256-cbc -pbkdf2 -salt -d -in 20230209_091352-log_2023_02_09__09_13_47.tar.gz.enc -pass pass:somepassword | tar xz

Here, decryption and unpacking are done in one step.
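
As an added example (not part of the original page or the vendor's tooling), the shell wrapper below runs the Linux decryption command with two checks: it confirms the OpenSSL "Salted__" header before decrypting, and it validates the result as a tar.gz before use, because AES-256-CBC carries no integrity check. The function names, the LOGPASS environment variable (used so the password does not appear in the process list) and the sample archive are assumptions constructed for illustration; the encryption step assumes OpenSSL's default digest and iteration count, as the page's decryption command implies.

```shell
#!/bin/sh
# Added example (not vendor code); sample archive and LOGPASS are constructed.

# True if FILE starts with the 8-byte "Salted__" magic that `openssl enc -salt`
# writes in front of the salt.
has_salt_header() {
    [ "$(dd if="$1" bs=8 count=1 2>/dev/null)" = "Salted__" ]
}

# decrypt_log ENC_FILE OUT_TAR_GZ; password comes from exported LOGPASS.
# Returns 0 = ok, 2 = no salt header, 3 = decryption failed, 4 = not a tar.gz.
decrypt_log() {
    has_salt_header "$1" || return 2
    if ! openssl aes-256-cbc -pbkdf2 -salt -d -in "$1" -out "$2" \
            -pass env:LOGPASS 2>/dev/null; then
        rm -f "$2"   # openssl leaves partial output behind on "bad decrypt"
        return 3
    fi
    # CBC has no integrity tag: a wrong password can occasionally pass the
    # padding check, so test the gzip CRC and tar structure before use.
    if ! gzip -t "$2" 2>/dev/null || ! tar tzf "$2" >/dev/null 2>&1; then
        rm -f "$2"
        return 4
    fi
}

# Build a constructed archive in DIR and encrypt it as the decryption command
# implies (assumption: OpenSSL default digest and iteration count).
make_sample() {
    mkdir -p "$1/log" && echo "constructed log line" > "$1/log/messages"
    tar czf "$1/sample.tar.gz" -C "$1" log
    LOGPASS=somepassword openssl aes-256-cbc -pbkdf2 -salt \
        -in "$1/sample.tar.gz" -out "$1/sample.tar.gz.enc" -pass env:LOGPASS
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp"
    for pw in somepassword wrongpassword; do
        export LOGPASS="$pw"
        if decrypt_log "$tmp/sample.tar.gz.enc" "$tmp/out.tar.gz"; then
            echo "$pw: decrypted and verified"
        else
            echo "$pw: rejected (rc=$?)"
        fi
    done
    unset LOGPASS; rm -rf "$tmp"
}
demo
```

Listing the archive with tar tzf before extracting also shows which paths it would write, which matters when the file has passed through other systems.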