mirror of
https://github.com/meshtastic/meshtastic.git
synced 2024-12-25 21:54:20 -08:00
Merge branch 'master' into hardware-canary-one
commit
67f6d0515a
|
@ -7,6 +7,19 @@ sidebar_position: 3
|
||||||
description: "Understand Meshtastic's encryption: optional network-wide AES256 security for off-grid communication, ensuring confidentiality against passive eavesdropping."
|
description: "Understand Meshtastic's encryption: optional network-wide AES256 security for off-grid communication, ensuring confidentiality against passive eavesdropping."
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## Explanation
|
||||||
|
|
||||||
|
Meshtastic provides AES256 encryption for the payload of each packet when sending via LoRa, with a different key for each [channel](/docs/configuration/radio/channels/). The [packet header](/docs/overview/mesh-algo/#layer-1-unreliable-zero-hop-messaging) is always sent unencrypted, which allows nodes to relay packets they can't decrypt as well. One can disable this by setting a different [rebroadcast mode](/docs/configuration/radio/device#rebroadcast-mode).
|
||||||
|
|
||||||
|
By default you have one primary channel which is encrypted with a simple known key ("AQ=="), so to use proper encryption you **must change** this key first, or create a new channel and share it with the ones you want to communicate with. However, if you don't have the default key, it means you will not be able to communicate with devices that don't have your key.
|
||||||
|
|
||||||
|
Direct messages to a specific node (e.g. text, traceroute or position requests) may use any channel you share with the recipient. Namely, the device will use the one where it most recently heard a NodeInfo packet from the recipient on. Client apps will not show messages directed to other nodes, but in principle they could be read by **anyone** who knows the used channel key. This means that if it uses the default key, you have to assume anyone could read your direct messages.
|
||||||
|
|
||||||
|
All periodic broadcasts (position, telemetry, etc.) the device sends out itself are sent over the primary channel and thus encrypted with that key.
|
||||||
|
|
||||||
|
The device will decrypt the payload before sending it to a client app via BLE, serial, Wi-Fi/Ethernet. For MQTT you can [specify](/docs/configuration/module/mqtt#encryption-enabled) whether you want to send an encrypted or unencrypted payload.
|
||||||
|
|
||||||
|
## Comments
|
||||||
|
|
||||||
Cryptography is tricky, so we've tried to 'simply' apply standard crypto solutions to our implementation. However, the project developers are not cryptography experts.
|
Cryptography is tricky, so we've tried to 'simply' apply standard crypto solutions to our implementation. However, the project developers are not cryptography experts.
|
||||||
|
|
||||||
|
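Review bot: In the new Explanation section, the last sentence of the default-key paragraph ("However, if you don't have the default key, it means you will not be able to communicate with devices that don't have your key.") is circular and hides the actual trade-off; suggest saying that once the primary channel key is changed, the node can no longer exchange messages with nodes still using the default key. In the first paragraph, "One can disable this" has no clear antecedent (the unencrypted header, or the relaying of packets a node cannot decrypt); name the behaviour the rebroadcast mode changes. The front-matter description still promises confidentiality against passive eavesdropping while the body says the default primary key is a known value, so the description should say this holds only after the key is changed.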
@ -33,7 +46,7 @@ Always keep in mind [xkcd's note on encryption](https://xkcd.com/538).
|
||||||
- Consider our existing solution 'alpha' and probably fairly secure against a not particularly aggressive adversary (but we can't yet make a more confident statement).
|
- Consider our existing solution 'alpha' and probably fairly secure against a not particularly aggressive adversary (but we can't yet make a more confident statement).
|
||||||
|
|
||||||
|
|
||||||
## Notes for reviewers
|
### Notes for reviewers
|
||||||
|
|
||||||
If you are reviewing our implementation, this is a brief statement of our method.
|
If you are reviewing our implementation, this is a brief statement of our method.
|
||||||
|
|
||||||
|
@ -46,7 +59,7 @@ If you are reviewing our implementation, this is a brief statement of our method
|
||||||
- Each 16 byte BLOCK for a packet has an incrementing COUNTER. COUNTER starts at zero for the first block of each packet.
|
- Each 16 byte BLOCK for a packet has an incrementing COUNTER. COUNTER starts at zero for the first block of each packet.
|
||||||
- The IV for each block is constructed by concatenating the NONCE as the upper 96 bits of the IV and the COUNTER as the bottom 32 bits. Since our packets are small counter portion will really never be higher than 32 (five bits).
|
- The IV for each block is constructed by concatenating the NONCE as the upper 96 bits of the IV and the COUNTER as the bottom 32 bits. Since our packets are small counter portion will really never be higher than 32 (five bits).
|
||||||
|
|
||||||
## Comments from reviewer #1
|
### Comments from reviewer #1
|
||||||
|
|
||||||
This reviewer is a cryptography professional, but would like to remain anonymous. We thank them for their comments ;-):
|
This reviewer is a cryptography professional, but would like to remain anonymous. We thank them for their comments ;-):
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ This layer is conventional non-reliable LoRa packet transmission. A packet gener
|
||||||
| 0x08 | 4 bytes | Integer | Packet Header: The sending node's unique packet ID for this packet. |
|
| 0x08 | 4 bytes | Integer | Packet Header: The sending node's unique packet ID for this packet. |
|
||||||
| 0x0C | 1 byte | Bits | Packet Header: Flags. See the [header flags](#packet-header-flags) for usage. |
|
| 0x0C | 1 byte | Bits | Packet Header: Flags. See the [header flags](#packet-header-flags) for usage. |
|
||||||
| 0x0D | 1 byte | Bits | Packet Header: Channel hash. Used as hint for decryption for the receiver. |
|
| 0x0D | 1 byte | Bits | Packet Header: Channel hash. Used as hint for decryption for the receiver. |
|
||||||
| 0x0E | 2 bytes | Bytes | Packet Header: Padding for memory alignment. |
|
| 0x0E | 2 bytes | Bytes | Packet Header: Reserved for future use. |
|
||||||
| 0x10 | Max. 237 bytes (excl. protobuf overhead) | Bytes | Actual packet data. Unused bytes are not transmitted. |
|
| 0x10 | Max. 237 bytes (excl. protobuf overhead) | Bytes | Actual packet data. Unused bytes are not transmitted. |
|
||||||
|
|
||||||
#### Packet Header Flags
|
#### Packet Header Flags
|
||||||
|
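Review bot: The 0x0E row now reads "Reserved for future use" but does not say what a sender must put in those 2 bytes or how a receiver should treat them. Since these bytes were previously described as alignment padding, add the expected value (for example "send as zero, ignore on receipt", if that is what the firmware does) so a later use of the field can be told apart from leftover padding.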
@ -47,7 +47,7 @@ This layer is conventional non-reliable LoRa packet transmission. A packet gener
|
||||||
| 0 | 3 | HopLimit (see note in Layer 3) |
|
| 0 | 3 | HopLimit (see note in Layer 3) |
|
||||||
| 3 | 1 | WantAck |
|
| 3 | 1 | WantAck |
|
||||||
| 4 | 1 | ViaMQTT (packet came via MQTT) |
|
| 4 | 1 | ViaMQTT (packet came via MQTT) |
|
||||||
| 5 .. 7 | 3 | Currently unused |
|
| 5 | 3 | HopStart (original HopLimit) |
|
||||||
|
|
||||||
#### Usage Details
|
#### Usage Details
|
||||||
|
|
||||||
|
|
|
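Review bot: The new HopStart row at bit index 5 reuses bits the old row listed as "Currently unused", and the table gives no guidance for packets from senders that still leave them unset. State how a receiver should interpret HopStart = 0 (field absent versus a packet that started with a hop limit of zero), and add the same "see note in Layer 3" pointer the HopLimit row has if Layer 3 explains the field.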
@ -12,7 +12,12 @@ import Tropho from "/img/enclosures/3dp-tropho-heltec32.webp";
|
||||||
|
|
||||||
### Heltec LoRa32 v2.1+ Case
|
### Heltec LoRa32 v2.1+ Case
|
||||||
|
|
||||||
Download from [Printables](https://www.printables.com/model/118750-heltec-lora-32-case-for-meshtastic) or purchase from the creator's [Etsy Store](https://www.etsy.com/listing/1170868625/meshtastic-heltec-lora-32-case).
|
Download from [Printables](https://www.printables.com/model/118750-heltec-lora-32-case-for-meshtastic) or purchase an already printed case below.
|
||||||
|
|
||||||
|
- US
|
||||||
|
- [QuantumShadow3D](https://www.etsy.com/listing/1170868625/meshtastic-heltec-lora-32-case).
|
||||||
|
- UK/EU
|
||||||
|
- [3DChicken](https://3dchicken.co.uk/)
|
||||||
|
|
||||||
#### Required Hardware
|
#### Required Hardware
|
||||||
|
|
||||||
|
|
|
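Review bot: The Heltec list starts directly with "- US" after "purchase an already printed case below", while the T-Beam page in this same commit introduces the identical list with a "Purchase Links:" line; add that line here for consistency. The QuantumShadow3D item also ends in a stray "." after the link, and the 3DChicken entry points at the shop's home page rather than a listing for this case, unlike the Etsy link above it.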
@ -10,7 +10,13 @@ sidebar_position: 2
|
||||||
|
|
||||||
### T-Beam V5 Case
|
### T-Beam V5 Case
|
||||||
|
|
||||||
Download from [Printables](https://www.printables.com/model/127253-t-beam-case-for-meshtastic-v5) or purchase from the creator's [Etsy Store](https://www.etsy.com/listing/1173559418/meshtastic-t-beam-case-for-neo-m8n).
|
Download from [Printables](https://www.printables.com/model/127253-t-beam-case-for-meshtastic-v5) or purchase an already printed case below.
|
||||||
|
|
||||||
|
Purchase Links:
|
||||||
|
- US
|
||||||
|
- [QuantumShadow3D](https://www.etsy.com/listing/1173559418/meshtastic-t-beam-case-for-neo-m8n)
|
||||||
|
- UK/EU
|
||||||
|
- [3DChicken](https://3dchicken.co.uk/)
|
||||||
|
|
||||||
#### Required Hardware
|
#### Required Hardware
|
||||||
|
|
||||||
|
|
|
@ -16,10 +16,40 @@ them for assistance in getting started or if you're interested in contributing t
|
||||||
organizer with an online presence and wish to be included in this list, please edit this page directly or reach out to
|
organizer with an online presence and wish to be included in this list, please edit this page directly or reach out to
|
||||||
us on [Discord](https://discord.com/invite/ktMAKGBnBs) to add your group.
|
us on [Discord](https://discord.com/invite/ktMAKGBnBs) to add your group.
|
||||||
|
|
||||||
|
## Australia
|
||||||
|
### Tasmania
|
||||||
|
- [Meshtastic User Group Tasmania](https://www.facebook.com/groups/1556630645195649)
|
||||||
|
|
||||||
## Canada
|
## Canada
|
||||||
### Alberta
|
### Alberta
|
||||||
- [YYC Mesh](https://yycmesh.com/)
|
- [YYC Mesh](https://yycmesh.com/)
|
||||||
|
- [Mesht Calgary](https://t.me/meshtcalgary)
|
||||||
|
- [Mesht Alberta](https://t.me/meshtAlta)
|
||||||
|
|
||||||
|
### British Columbia
|
||||||
|
- [Meshtastic BC users group](https://t.me/Mesh_BC)
|
||||||
|
- [Meshtastic Dawson Creek BC users group](https://t.me/Mesh_BC_Dawson_Creek)
|
||||||
|
|
||||||
|
### Manitoba
|
||||||
|
- [Mesht Manitoba](https://t.me/MeshtManitoba)
|
||||||
|
|
||||||
|
### New Brunswick
|
||||||
|
- [Mesht New Brunswick](https://t.me/MeshtNB)
|
||||||
|
### Newfoundland
|
||||||
|
- [Mesht Newfoundland](https://t.me/MeshtNewfoundland)
|
||||||
|
|
||||||
|
### Northwest Territories
|
||||||
|
- [Mesht Northwest Territories](https://t.me/MeshtNWT)
|
||||||
|
|
||||||
|
### Nova Scotia
|
||||||
|
- [Mesht Nova Scotia](https://t.me/MeshtNovaScotia)
|
||||||
|
|
||||||
|
### Prince Edward Island
|
||||||
|
- [Mesht PEI](https://t.me/MeshtPEI)
|
||||||
|
|
||||||
|
### Saskatchewan
|
||||||
|
- [Mesht Saskatchewan](https://t.me/MeshtSaska)
|
||||||
|
##
|
||||||
## United States
|
## United States
|
||||||
|
|
||||||
### Arkansas
|
### Arkansas
|
||||||
|
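Review bot: The added block ends with a bare "##" line directly above "## United States", which renders as an empty heading; remove it and leave a blank line instead. "### Newfoundland" also follows the New Brunswick list item with no blank line between them, unlike the other provinces added here.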
@ -50,7 +80,7 @@ us on [Discord](https://discord.com/invite/ktMAKGBnBs) to add your group.
|
||||||
- [Michigan Meshtastic Network](https://discord.gg/3A5RREcBcc)
|
- [Michigan Meshtastic Network](https://discord.gg/3A5RREcBcc)
|
||||||
|
|
||||||
### Oklahoma
|
### Oklahoma
|
||||||
- [Oklahoma Meshtastic Group] (https://www.facebook.com/groups/942404880478488)
|
- [Oklahoma Meshtastic Group](https://www.facebook.com/groups/942404880478488)
|
||||||
|
|
||||||
### Texas
|
### Texas
|
||||||
- [Austin Mesh](https://austinmesh.org/)
|
- [Austin Mesh](https://austinmesh.org/)
|
||||||
|
|
|
@ -37,6 +37,8 @@ MQTT password to use (most useful for a custom MQTT server). If using a custom s
|
||||||
|
|
||||||
Whether to send encrypted or unencrypted packets to MQTT. This parameter is only honored if you also set server (the default official mqtt.meshtastic.org server can handle encrypted packets). Unencrypted packets may be useful for external systems that want to consume meshtastic packets.
|
Whether to send encrypted or unencrypted packets to MQTT. This parameter is only honored if you also set server (the default official mqtt.meshtastic.org server can handle encrypted packets). Unencrypted packets may be useful for external systems that want to consume meshtastic packets.
|
||||||
|
|
||||||
|
Note: All messages are sent to the MQTT broker unencrypted if this option is not enabled, even when your uplink channels have encryption keys set.
|
||||||
|
|
||||||
### JSON Enabled
|
### JSON Enabled
|
||||||
|
|
||||||
:::note
|
:::note
|
||||||
|
|
|
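Review bot: The added "Note:" line carries the security-relevant fact of this setting (payloads reach the broker in the clear unless the option is enabled, even with channel keys set) but is plain paragraph text; put it in an admonition such as the ":::note" blocks this page already uses, or a warning-level one, so it is not skimmed past. It also needs reconciling with the sentence above it, which says the parameter is only honored when a server is set: say what is sent to the default server when the option is off.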
@ -189,7 +189,7 @@ meshtastic --set store_forward.records 100
|
||||||
#### Web
|
#### Web
|
||||||
|
|
||||||
:::info
|
:::info
|
||||||
Store and Forward configuration is not currently available via the web client.
|
All Store & Forward module config options are available in the Web UI at Config > Module Config > S&F.
|
||||||
:::
|
:::
|
||||||
|
|
||||||
</TabItem>
|
</TabItem>
|
||||||
|
|
|
@ -70,7 +70,7 @@ The heading can be hard to read when 'INVERTED' or 'TWOCOLOR' display mode is us
|
||||||
|
|
||||||
### Wake on Tap or Motion
|
### Wake on Tap or Motion
|
||||||
|
|
||||||
This option enables the ability to wake the device screen when motion, such as a tap on the device, is detected via an attached accelerometer.
|
This option enables the ability to wake the device screen when motion, such as a tap on the device, is detected via an attached accelerometer, or a capacitive touch button.
|
||||||
|
|
||||||
## Display Config Client Availability
|
## Display Config Client Availability
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,8 @@ values={[
|
||||||
{label: 'GPS Module', value: 'GPS'},
|
{label: 'GPS Module', value: 'GPS'},
|
||||||
{label: 'Buzzer', value: 'Buzzer'},
|
{label: 'Buzzer', value: 'Buzzer'},
|
||||||
{label: 'I/O Module', value: 'IO'},
|
{label: 'I/O Module', value: 'IO'},
|
||||||
{label: 'Environmental Sensors', value:'Sensors'}
|
{label: 'Environmental Sensors', value:'Sensors'},
|
||||||
|
{label: 'RTC Module', value:'RTC'}
|
||||||
]}>
|
]}>
|
||||||
<TabItem value="GPS">
|
<TabItem value="GPS">
|
||||||
|
|
||||||
|
@ -142,5 +143,19 @@ The [RAK1906 Environment Sensor](https://store.rakwireless.com/products/rak1906-
|
||||||
- [RAK Wireless RAK1906](https://store.rakwireless.com/products/rak1906-bme680-environment-sensor)
|
- [RAK Wireless RAK1906](https://store.rakwireless.com/products/rak1906-bme680-environment-sensor)
|
||||||
|
|
||||||
</TabItem>
|
</TabItem>
|
||||||
|
<TabItem value="RTC">
|
||||||
|
|
||||||
|
## RTC Module
|
||||||
|
|
||||||
|
The [RAK12002 WisBlock RTC Module](https://store.rakwireless.com/products/rtc-module-rak12002) is a real-time-clock with a supercapacitor backup, allowing a node to maintain the correct time across reboots and for up to seven days without power. It operates on a crystal oscilator and communicates via the i2c interface. The module can be inserted into slots A, B or C (some users have reported issues with slot D) and is plug and play - no settings are required.
|
||||||
|
|
||||||
|
### Resources
|
||||||
|
- [RAK Documentation Center RAK12002](https://docs.rakwireless.com/Product-Categories/WisBlock/RAK12002/Overview/)
|
||||||
|
- Purchase Links:
|
||||||
|
- US
|
||||||
|
- [Rokland](https://store.rokland.com/products/rak-wireless-rak12002-rtc-module-micro-crystal-rv-3028-c7-pid-100032)
|
||||||
|
- International
|
||||||
|
- [RAK Wireless](https://store.rakwireless.com/products/rtc-module-rak12002)
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
</Tabs>
|
</Tabs>
|
||||||
|
|
|
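Review bot: In the RTC Module paragraph, "oscilator" should be "oscillator" and "i2c" is normally written "I2C". The parenthetical "some users have reported issues with slot D" gives a reader nothing to act on; either say plainly that slots A, B and C are the supported ones or link the report.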
@ -7,14 +7,22 @@ sidebar_position: 1
|
||||||
|
|
||||||
## Functionality
|
## Functionality
|
||||||
|
|
||||||
- **Capacitive Touch Button (Top):**
|
- **Capacitive Touch Button (Top):**<br />
|
||||||
- **Short press:** Updates the e-ink display.
|
*If "Wake on Tap or Motion" setting enabled:*
|
||||||
|
- **Touch:**
|
||||||
|
- Update the display
|
||||||
|
- *(at screensaver)* Wake the display.
|
||||||
- **Reset Button (Button 1):**
|
- **Reset Button (Button 1):**
|
||||||
- **Single press:** Resets the device.
|
- **Single press:** Power-on / reboot.
|
||||||
- **Double press:** Puts the device into bootloader mode which allows you to update the firmware.
|
- **Double press:** Enter bootloader mode, for firmware update.
|
||||||
- **Program/Power Button (Button 2):**
|
- **Program Button (Button 2):**
|
||||||
- **Single press:** Changes the information page displayed on the device's screen.
|
- **Single press:**
|
||||||
- **Double press:** Turns the screen backlight on/off and sends an adhoc ping of the device's position to the network.
|
- Display next page of information.
|
||||||
- **Long press:** Signals the device to shutdown after 5 seconds.
|
- *(at screensaver)* Wake the display.
|
||||||
|
- *(when off)* Enter bootloader mode, for firmware update.
|
||||||
|
- **Double press:** Send an "adhoc ping": announce device to network.
|
||||||
|
- ** 3x press:** Enable / disable GPS.
|
||||||
|
- ** 4x press:** Enable / disable display's backlight.
|
||||||
|
- **Hold:** Shutdown.
|
||||||
|
|
||||||
![TechoButtons](/img/hardware/t-echo-lilygo.webp)
|
![TechoButtons](/img/hardware/t-echo-lilygo.webp)
|
||||||
|
|
|
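Review bot: The "** 3x press:**" and "** 4x press:**" items have a space after the opening "**", so Markdown will not treat them as bold and the asterisks will show literally; write "**3x press:**" and "**4x press:**". The old text said a long press shuts the device down "after 5 seconds" and the new "Hold: Shutdown." drops the duration; keep it if it still applies.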
@ -2,6 +2,7 @@
|
||||||
id: privacy
|
id: privacy
|
||||||
title: Meshtastic privacy policy
|
title: Meshtastic privacy policy
|
||||||
sidebar_label: Privacy
|
sidebar_label: Privacy
|
||||||
|
custom_edit_url: null
|
||||||
sidebar_position: 2
|
sidebar_position: 2
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,12 @@ export default function NotFoundContent({ className }) {
|
||||||
original URL and let them know their link is broken.
|
original URL and let them know their link is broken.
|
||||||
</Translate>
|
</Translate>
|
||||||
</p>
|
</p>
|
||||||
<img src="/design/chirpy.png" alt="Chirpy" />
|
<img
|
||||||
|
src="/design/chirpy/chirpy.png"
|
||||||
|
alt="Chirpy"
|
||||||
|
className={clsx("col col--6 col--offset-3")}
|
||||||
|
style={{ maxWidth: "300px" }}
|
||||||
|
/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</main>
|
</main>
|
||||||
|
|
|
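Review bot: In the new img element, clsx is called with a single string literal, which is equivalent to className="col col--6 col--offset-3"; use the plain attribute, or confirm that clsx is imported at the top of the file, since the import is not part of this hunk.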
@ -1 +1 @@
|
||||||
Subproject commit 2865a55d39dea5f6d9f2c09ac1ec485666a833da
|
Subproject commit eeddd10c108f1516e6e0c878fbaa8ed40a4d279d
|
Binary file not shown.
Before Width: | Height: | Size: 44 KiB After Width: | Height: | Size: 16 KiB |