Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This object provides miscellaneous device configuration and customization methodsa method to encrypt storage.

devicecustomization IDL

Code Block
languagejs
interface DeviceCustomization {
    Promise<void> installBlessing(BlessingsOptions params);
    Promise<void> prepareForBlessing(BlessingsOptions params);
    Promise<void> encryptStorage(String device, StorageEncryptionOptions params);
};

interface BlessingsOptions {
attribute String bp3_server;
attribute String url;
};

interface StorageEncryptionOptions {
attribute String method;
attribute String passphrase;
attribute Boolean format;
};
Panel
borderColor#3D3D3D
bgColor#F4F4F4
titleColor#3D3D3D
borderWidth0
titleBGColor#3D3D3D
borderStylesolid

ON THIS PAGE

Table of Contents
indent20px

Object Creation

Code Block
languagejs
let DeviceCustomizationClass = require("@brightsign/devicecustomization");
let devicecustomization = new DeviceCustomizationClass();

DeviceCustomization

installBlessing()
Code Block
languagejs
Promise<void> installBlessing(BlessingsOptions params)
prepareForBlessing()
Code Block
languagejs
Promise<void> prepareForBlessing(BlessingsOptions params)

encryptStorage()
Code Block
languagejs
Promise<void> encryptStorage(String device, StorageEncryptionOptions params)

Encrypts the contents of a storage device using an encryption key stored in the private section of the player registry. This prevents other devices from reading the names or contents of files on the storage device (though file metadata will still be readable). The storage device can still be mounted on other devices, which can list, delete, and copy files (even though they cannot read them).

The device parameter specifies which storage drive to encrypt (see this page for a list of valid drive names), and the process is configured with the passed StorageEncryptionOptions parameters.

StorageEncryptionOptions

Attributes
  • method string: The encryption method, which can be one of the following:

    • "none": Encryption is disabled and any encryption keys for the storage device are deleted from the registry. 

    • "passphrase": The storage device is encrypted using an un-obfuscated passphrase.

    • "obfuscated_passphrase": The storage device is encrypted using an obfuscated passphrase. Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player. 

    • "brightsign_key": The storage device is encrypted using an encryption key that is common to all BrightSign players, but is not shared with outside parties. 

    • "generate_key": The storage device is encrypted using an encryption key that is generated on-demand using a secure random generator. The private registry of the player contains the only copy of the key; if the value in the registry is erased or becomes corrupted, there will be no way to recover data from that storage device. The private registry does not distinguish between different physical volumes of the same drive. For example, if you encrypt two SD cards, the key for the first SD card will be overwritten when the second SD card is encrypted; in the case of a randomly generated key, the data from the first SD card will be irretrievable.

  • passphrase string: The passphrase for encrypting the storage device. This parameter must be included if the method is specified as "passphrase" or "obfuscated_passphrase"

  • format boolean: Setting this parameter to true will cause the specified storage device to be reformatted–all existing files will be deleted (but are not guaranteed to be securely erased) before the device is encrypted; however, if the device cannot be reformatted, the operation will fail. If this parameter is set to false, the storage device will be mounted as if it has been previously encrypted using the supplied key.

    • If the storage device hasn't been previously encrypted, it will be encrypted while leaving any preexisting files unencrypted. If the storage device has been encrypted using a different key, the operation will fail.

    • If the format parameter is not specified, the storage device will be mounted as if it has been previously encrypted using the supplied key. If the storage device hasn't been previously encrypted, the operation will fail.