BetterCorp/BetterFrame
1
0
Fork 0
mirror of https://github.com/BetterCorp/BetterFrame.git synced 2026-05-26 16:56:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
BetterFrame/kiosk
History
Mitchell R caf6095b6e
feat(security): per-kiosk encryption keys for camera passwords 
Replaces shared cluster_key for bundle encryption. Each kiosk gets a
unique 32-byte AES key generated at pairing time:

Server:
  - confirmPairing generates randomBytes(32), stores encrypted with
    server secret on kiosks.encrypt_key_encrypted column
  - Delivers plaintext encrypt_key to kiosk in claim response (one-time)
  - generateBundle prefers per-kiosk key over cluster_key for
    encryptForCluster (same AES-256-GCM format, different key per kiosk)

Kiosk:
  - ClaimResp gains encrypt_key field, stored encrypted at rest
  - onvif_events prefers encrypt_key over cluster_key for decryption
  - Backward compatible: old kiosks without encrypt_key still use
    cluster_key (both delivered at pairing)

Security improvement: compromised SD card only exposes camera passwords
encrypted for THAT specific kiosk, not the entire fleet. Rotate by
deleting + re-pairing the compromised kiosk.
2026-05-23 01:36:43 +02:00
..
src feat(security): per-kiosk encryption keys for camera passwords 2026-05-23 01:36:43 +02:00
Cargo.lock feat(ota): add RAUC OS update foundation 2026-05-20 05:15:29 +02:00
Cargo.toml feat(onvif-events): PullPoint subscription for all ONVIF cameras 2026-05-21 12:03:30 +02:00
prototype.sh fix(deploy): require proxied local services 2026-05-11 09:51:00 +02:00