I would like to protect my .bin file after compiling process in order to avoid reverse engineering techniques ( i.e. binwalk could simply unsquash my .bin firmware and see all the file system )
Could you recommend any tools for crypting the .bin file or other techniques?
throughout the image lifecycle? i.e. supported at the flashing stage by the device itself?
what about device backups?
in short... 'cryping the bin' unto itself would achieve very little... take a moment to consider your intent and explain in more detail what you expect to achieve...
I have my firmware.bin;
if I do binwalk -e firmware.bin I can see all the file system and the content of /etc, /www..etc
I would like to protect my firmware.bin from this kind of reverse eng.
And if I have to upgrade a device ( i.e. via sysupgrade ) I will change the sysupgrade scritp so it will firstly decrypt the firmware.bin, and then perform a sysupgrade.
take a look at how @hnyman crypts his configs with his buildscripts...
most simple techniques will revolve around similar methodology... albeit perhaps with alternate tools, limited to what your able to have present on the router at the decryption stage.
more advanced stuff like bootstrapping cryptsetup/fs or bootloader signing are involved (and risky) processes.