raspberry pi Raspberry pi encryption

[Almightyflame]

I have a question about Raspberry pi Encryption. I am looking for a way/idea how can I have an encryption between my Raspberry and the SD card so if someone manage to get his hands on my SD card, he wont be able to read the files.  Also if the Raspberry Pi has its encryption written in the RAM, the problem is that it will get deleted after a reboot.  

 

Thanks in advance.

[suedseefrucht]

44 minutes ago, Almightyflame said:

the problem is that it will get deleted after a reboot.  

An encryption usually works with a password. So if you type in the password, the content will be usable.
So you dont want to type in a password? And it should be able to start on it's own?
Well, if someone can steal your SD card, he can also just steal the whole raspberry pi.
So it will not be very safe this way.
It's safe if you just use a password and you are the only one knowing it.

Or you make it work in a way, so it works in your home network only by running some kind of webserver, where the raspberry pi gets it's password. So if you raspberry pi was stolen, it can only be read in your network.

What exactly are you worried about? Who should steal your SD card?
If you are worried about children, they would also use your network, I guess...

[RageTester]

Are you bringing it with you?

I wonder what important files are you trying to store on micro SD card. In case card gets corrupted you can probably access files from another computer with linux operating system on it.

Raspberry can be booted from external drive, increasing performance and reliability. It's hard to imagine more security than keeping only berryboot on mirco SD card and physically storing external drive in a different location.

 

It would be better to ask around on RPi forums:

https://www.raspberrypi.org/forums/viewtopic.php?t=296073

[mariushm]

The PI has general purpose IO pins and also has USB ports.  You could make yourself a dongle with a tiny EEPROM chip that holds your password, or have a password in a text file on the usb stick. 

When PI starts, a small program can access the dongle plugged into some IO pins, or search for the usb stick and read the password and keep it in ram. Once the pi is started, you can disconnect the dongle or usb stick. 

Each time you write something to the SD card, encrypt it with that password... if you don't know how to encrypt, just use 7zip or something to make a zip of each file written to sd card, with the password set to your password.

 

You could probably install something like truecrypt and create an encrypted volume and open the volume with the password from external source - if someone steals the pi without the dongle or usb stick attached, the encrypted volume will only stay open until pi loses power.

 

[artuc]

To add there are crypto co-processors

 

Like so:

https://store.zymbit.com/products/zymkey4i

 

This is just one I found, can find other uC or Linux ones with different capabilities.