jomjol / AI-on-the-edge-device

Easy to use device for connecting "old" measuring units (water, power, gas, ...) to the digital world
https://jomjol.github.io/AI-on-the-edge-device-docs/

Encrypt wifi password #2886

Open jasaw opened 6 months ago

jasaw commented 6 months ago

The Feature

The wifi password is stored as clear text on the microSD card and AI-on-the-edge devices are typically installed outside the house where someone can easily steal the device.

We should add one layer of protection to make it slightly less difficult for people to figure out the wifi password.

Proposal:

  1. Generate an encryption key (unique to each device) on start up if it doesn't already exist and store this encryption key in the ESP32 flash. This encryption key is never published anywhere, inaccessible via web interface.
  2. Read the wifi password from the SD card and look for some marker that allows us to identify whether the wifi password is already encrypted or not.
  3. If wifi password is not encrypted, encrypt it, add marker, write it back to SD card.
  4. If wifi password is already encrypted, decrypt it (exclude the marker) and hand it over to the ESP32 stack to be used.

As for the encrypted wifi password marker, we could prefix a few non-printable characters to the encrypted wifi password string. If the user changes the wifi password on the SD card, the non-printable characters will be removed, which triggers the encryption again.

The encryption can be a simple AES encryption.
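A host-side model of steps 2 to 4 of the proposal above, added here as an example; it is not code from the project or from any commenter. It uses AES-256-GCM from Go's standard library instead of the firmware's C++ and crypto library, and the marker bytes, the base64 encoding of the stored value and the names `Seal` and `Load` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
)

const Marker = "\x01\x02" // constructed: two non-printable bytes a user would not type

func gcmFor(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always valid (AES-256)
	gcm, _ := cipher.NewGCM(block)    // cannot fail for an AES block cipher
	return gcm
}

// Seal is step 3: encrypt the password under the device key and prefix the marker.
func Seal(key [32]byte, password string) string {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	sealed := gcm.Seal(nonce, nonce, []byte(password), nil) // nonce || ciphertext || tag
	return Marker + base64.StdEncoding.EncodeToString(sealed)
}

// Load is steps 2 and 4: it returns the password and the value that belongs on the SD card.
func Load(key [32]byte, stored string) (password, onCard string, err error) {
	if !strings.HasPrefix(stored, Marker) {
		return stored, Seal(key, stored), nil // clear text (new or edited): seal, write back
	}
	raw, err := base64.StdEncoding.DecodeString(stored[len(Marker):])
	gcm := gcmFor(key)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", stored, errors.New("malformed encrypted value")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(plain), stored, err // err is set on a wrong device key or a modified value
}

func main() {
	var key [32]byte // stands in for the per-device key kept in ESP32 flash
	rand.Read(key[:])
	pw, onCard, _ := Load(key, "constructed-wifi-pass") // first boot: clear text on the card
	println(pw, len(onCard))
}
```

The password on the card is only as protected as the device key: anyone who can read the key out of the ESP32 flash can decrypt it, so the key storage needs its own read protection.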

SybexX commented 6 months ago

AES encryption uses too many ESP resources compared to the benefits it brings. If so, I would read the WiFi access data from the SD as normal and when a connection is established, save the access data in the flash and delete it from the SD. Then always check whether the Wlan.ini file exists or not; if not, then read the access data from the flash. Of course, if the access data is not available on the SD and Flash, an error will be output or the AP will start.

jomjol commented 6 months ago

Security features are on purpose not part of this public version. I do not plan to implement them here.