Encrypted MQTT on Raspberry Pi
Encrypt MQTT traffic on an RPI
Hello and welcome back. Today I will be talking about how to encrypt the data in use and at rest while using MQTT. The MQTT transport will be unencrypted to ensure minimum requirements for the broker.
Why
I wanted to show the power of the Virtru Developer Platform using a known, popular, and low powered device to display the performance of the Virtru SDK. MQTT is a popular transport for IoT traffic that has varying levels of Quality of Service and security. Using this approach, the traffic does not need to be explicitly encrypted and the recipient must also be authenticated to decrypt the message.
Diagram
Technologies Used
- Virtru Developer Platform — Python SDK
- Virtru Developer Platform — AppId
- Mosquito MQTT Broker
- Paho MQTT Client
- subscribe.py
- publish.py
MQTT Broker Setup (x86)
Host Setup
- EC2
- t2.micro
- Ubuntu 18.04
- Public IP
- AWS Inbound Firewall Open 1883
Host Application
sudo apt update
sudo apt upgrade
sudo apt install mosquitto
systemctl status mosquitto
sudo tail -f /var/log/mosquitto/mosquitto.logMQTT Client Publish Setup (ARM)
Host Setup
- Raspberry Pi 4
- Raspian Version 10 (buster)
Host Application
# publish.py in ~/publish/
# update the appid in publish.py
# update the owner email in publish.py
# update the broker IP in publish.pysudo apt update
sudo apt upgrade
sudo apt install python3-pip
sudo python3 -m pip install --upgrade pip
pip3 install virtru-sdk
pip3 install paho-mqtt
cd ~/publish/
python3 publish.py
MQTT Client Subscriber Setup (ARM)
Host Setup
- Raspberry Pi 4
- Raspian Version 10 (buster)
Host Application
# subscribe.py in ~/subscribe/
# update the appid in subscribe.py
# update the owner email in subscribe.py
# update the broker IP in subscribe.pysudo apt update
sudo apt upgrade
sudo apt install python3-pip
sudo python3 -m pip install --upgrade pip
pip3 install virtru-sdk
pip3 install paho-mqtt
cd ~/subscribe/
python3 subscribe.py
MQTT Client Subscriber Setup (x86)
Host Setup
- EC2
- t2.micro
- Ubuntu 18.04
Host Application
# subscribe.py in ~/subscribe/
# update the appid in subscribe.py
# update the owner email in subscribe.py
# update the broker IP in subscribe.pysudo apt update
sudo apt upgrade
sudo apt install python3-pip
sudo python3 -m pip install --upgrade pip
pip3 install virtru-sdk
pip3 install paho-mqtt
cd ~/subscribe/
python3 subscribe.py
subscribe.py
publish.py
Conclusion
With the release of the Virtru SDK to the Raspberry Pi, a whole new world of opportunities opens up. This post is the first related to IoT, RPI, and ARM-based processors. There is no speed penalty to use the ARM-based SDK as the Python SDK is a wrapper for the C++ SDK.
