Update Encryption Technical (#1535)

* acronym inconsistencies

* oops

* feedback

* oops again

* add PKC to glossary
This commit is contained in:
rcarteraz 2024-10-28 14:53:07 -07:00 committed by GitHub
parent fa11f7aa7f
commit a013702d88
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 10 additions and 7 deletions

View file

@ -6,24 +6,24 @@ sidebar_position: 5
description: Technical Overview of Encryption Employed with Meshtastic from Firmware 2.5.0 Onwards
---
## PSK for Channels, PKC for Direct Messages (DMs) and Admin Messages
## PSK for Channels, PKC for Direct Messages and Admin Messages
Starting with firmware version 2.5.0, which introduces Public Key Cryptography (PKC) for Direct Messages (DMs) and additionally incorporating the use of Session IDs for Admin Messages, the security architecture of Meshtastic has reached a new level of robustness.
Up to version 2.4.x of the firmware, Meshtastic relied entirely on Pre-Shared Key (PSK) cryptography for all messaging. Starting with firmware version 2.5.0, Meshtastic introduced Public Key Cryptography (PKC) for Direct Messages (DMs) and added Session IDs for Admin Messages. Together, these enhancements bring the security architecture of Meshtastic to a new level of robustness.
Below is a detailed overview of how PSK, PKC, and Session IDs are integrated into your system to secure Channels, Direct Messages, and Admin Messages.
### 1. Chat Channels Using Pre-Shared Key (PSK)
### 1. Chat Channels Using PSK
- **PSK Overview:**
- Chat Channels continue to utilize a Pre-Shared Key (PSK) for encrypting communications.
- Chat Channels continue to utilize a PSK for encrypting communications.
- All participants share the same PSK for their Channels, which is used for both encryption and decryption within the channel.
- **Security Considerations:**
- **Confidentiality:** Only participants with the correct PSK can access messages within the Chat Channel.
- **Key Management:** Secure distribution and regular rotation of the PSK are essential to maintaining the channel's security.
### 2. Direct Messages (DMs) Now Using PKC
### 2. DMs Now Using PKC
- **PKC Implementation for DMs:**

View file

@ -29,7 +29,7 @@ DFU
: Device Firmware Update, a state which a device is placed into for it to receive a firmware update
ESP32 | [Drivers](/docs/getting-started/serial-drivers/esp32/) | [Firmware](/docs/getting-started/flashing-firmware/esp32/)
: A chipset of microcontroller made/designed by Espressif, used by a number of devices. Higher power usage than NRF52, but often cheaper and supports WiFi if desired.
: A chipset of microcontroller made/designed by Espressif, used by a number of devices. Higher power usage than NRF52, but often cheaper and supports WiFi if desired.
Firmware | [Guide](https://meshtastic.org/docs/getting-started/flashing-firmware/)
: The low-level software programmed onto a Meshtastic device, controlling its hardware functions and enabling it to communicate within the mesh network using LoRa technology. Firmware
@ -73,9 +73,12 @@ Packet
Protobuf | [Reference](/docs/development/reference/protobufs/)
: Protocol Buffers, a method developed by Google for serializing structured data, used in Meshtastic for efficient communication protocol between devices.
PSK | [Encryption](/docs/overview/encryption/)
Pre-Shared Key (PSK) | [Encryption](/docs/overview/encryption/)
: Pre-Shared Key, a secret code or passphrase used in Meshtastic channels for encryption, ensuring that only devices with the matching PSK can communicate within that specific channel.
Public Key Cryptography (PKC) | [Encryption](/docs/overview/encryption/)
: A cryptographic method introduced in Meshtastic v2.5 for Direct Messages and Admin Messages, where each device uses a unique public and private key pair. The public key, shared with other devices, enables secure message encryption, while the private key allows only the intended recipient to decrypt and authenticate the message. This approach enhances privacy and integrity for both direct device-to-device communication and sensitive admin functions.
Repeater | [Role Definitions](/docs/configuration/radio/device/#roles)
: Infrastructure node for extending network coverage by relaying messages with minimal overhead. Not visible in Nodes list.