Updated manual and documentation
This commit is contained in:
parent
9ef10a7b3e
commit
4bc8a0b69b
Binary file not shown.
Binary file not shown.
|
@ -134,10 +134,11 @@ be sufficient, even far into the future.
|
||||||
By default Reticulum encrypts all data using elliptic curve cryptography and AES. Any packet sent to a
|
By default Reticulum encrypts all data using elliptic curve cryptography and AES. Any packet sent to a
|
||||||
destination is encrypted with a per-packet derived key. Reticulum can also set up an encrypted
|
destination is encrypted with a per-packet derived key. Reticulum can also set up an encrypted
|
||||||
channel to a destination, called a *Link*. Both data sent over Links and single packets offer
|
channel to a destination, called a *Link*. Both data sent over Links and single packets offer
|
||||||
*Initiator Anonymity*, and links additionally offer *Forward Secrecy* by using an Elliptic Curve
|
*Initiator Anonymity*. Links additionally offer *Forward Secrecy* by default, employing an Elliptic Curve
|
||||||
Diffie Hellman key exchange on Curve25519 to derive per-link ephemeral keys. The multi-hop transport,
|
Diffie Hellman key exchange on Curve25519 to derive per-link ephemeral keys. Asymmetric, link-less
|
||||||
coordination, verification and reliability layers are fully autonomous and also based on elliptic
|
packet communication can also provide forward secrecy, with automatic key ratcheting, by enabling
|
||||||
curve cryptography.
|
ratchets on a per-destination basis. The multi-hop transport, coordination, verification and reliability
|
||||||
|
layers are fully autonomous and also based on elliptic curve cryptography.
|
||||||
|
|
||||||
Reticulum also offers symmetric key encryption for group-oriented communications, as well as
|
Reticulum also offers symmetric key encryption for group-oriented communications, as well as
|
||||||
unencrypted packets for local broadcast purposes.
|
unencrypted packets for local broadcast purposes.
|
||||||
|
@ -431,7 +432,7 @@ For exchanges of small amounts of information, Reticulum offers the *Packet* API
|
||||||
|
|
||||||
* | A packet is always created with an associated destination and some payload data. When the packet is sent
|
* | A packet is always created with an associated destination and some payload data. When the packet is sent
|
||||||
to a *single* destination type, Reticulum will automatically create an ephemeral encryption key, perform
|
to a *single* destination type, Reticulum will automatically create an ephemeral encryption key, perform
|
||||||
an ECDH key exchange with the destination's public key, and encrypt the information.
|
an ECDH key exchange with the destination's public key (or ratchet key, if available), and encrypt the information.
|
||||||
|
|
||||||
* | It is important to note that this key exchange does not require any network traffic. The sender already
|
* | It is important to note that this key exchange does not require any network traffic. The sender already
|
||||||
knows the public key of the destination from an earlier received *announce*, and can thus perform the ECDH
|
knows the public key of the destination from an earlier received *announce*, and can thus perform the ECDH
|
||||||
|
@ -867,12 +868,14 @@ both on general-purpose CPUs and on microcontrollers. The necessary primitives a
|
||||||
|
|
||||||
* HKDF for key derivation
|
* HKDF for key derivation
|
||||||
|
|
||||||
* Fernet for encrypted tokens
|
* Modified Fernet for encrypted tokens
|
||||||
|
|
||||||
* AES-128 in CBC mode
|
* AES-128 in CBC mode
|
||||||
|
|
||||||
* HMAC for message authentication
|
* HMAC for message authentication
|
||||||
|
|
||||||
|
* No Version and Timestamp metadata included
|
||||||
|
|
||||||
* SHA-256
|
* SHA-256
|
||||||
|
|
||||||
* SHA-512
|
* SHA-512
|
||||||
|
|
|
@ -53,9 +53,9 @@ What does Reticulum Offer?
|
||||||
|
|
||||||
* Forward Secrecy by using ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519
|
* Forward Secrecy by using ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519
|
||||||
|
|
||||||
* Reticulum uses the `Fernet <https://github.com/fernet/spec/blob/master/Spec.md>`_ specification for on-the-wire / over-the-air encryption
|
* Reticulum uses a modified version of the `Fernet <https://github.com/fernet/spec/blob/master/Spec.md>`_ specification for on-the-wire / over-the-air encryption
|
||||||
|
|
||||||
* All keys are ephemeral and derived from an ECDH key exchange on Curve25519
|
* Keys are ephemeral and derived from an ECDH key exchange on Curve25519
|
||||||
|
|
||||||
* AES-128 in CBC mode with PKCS7 padding
|
* AES-128 in CBC mode with PKCS7 padding
|
||||||
|
|
||||||
|
@ -63,6 +63,8 @@ What does Reticulum Offer?
|
||||||
|
|
||||||
* IVs are generated through os.urandom()
|
* IVs are generated through os.urandom()
|
||||||
|
|
||||||
|
* No Version and Timestamp metadata included
|
||||||
|
|
||||||
* Unforgeable packet delivery confirmations
|
* Unforgeable packet delivery confirmations
|
||||||
|
|
||||||
* A variety of supported interface types
|
* A variety of supported interface types
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -360,10 +360,11 @@ be sufficient, even far into the future.</p>
|
||||||
<p>By default Reticulum encrypts all data using elliptic curve cryptography and AES. Any packet sent to a
|
<p>By default Reticulum encrypts all data using elliptic curve cryptography and AES. Any packet sent to a
|
||||||
destination is encrypted with a per-packet derived key. Reticulum can also set up an encrypted
|
destination is encrypted with a per-packet derived key. Reticulum can also set up an encrypted
|
||||||
channel to a destination, called a <em>Link</em>. Both data sent over Links and single packets offer
|
channel to a destination, called a <em>Link</em>. Both data sent over Links and single packets offer
|
||||||
<em>Initiator Anonymity</em>, and links additionally offer <em>Forward Secrecy</em> by using an Elliptic Curve
|
<em>Initiator Anonymity</em>. Links additionally offer <em>Forward Secrecy</em> by default, employing an Elliptic Curve
|
||||||
Diffie Hellman key exchange on Curve25519 to derive per-link ephemeral keys. The multi-hop transport,
|
Diffie Hellman key exchange on Curve25519 to derive per-link ephemeral keys. Asymmetric, link-less
|
||||||
coordination, verification and reliability layers are fully autonomous and also based on elliptic
|
packet communication can also provide forward secrecy, with automatic key ratcheting, by enabling
|
||||||
curve cryptography.</p>
|
ratchets on a per-destination basis. The multi-hop transport, coordination, verification and reliability
|
||||||
|
layers are fully autonomous and also based on elliptic curve cryptography.</p>
|
||||||
<p>Reticulum also offers symmetric key encryption for group-oriented communications, as well as
|
<p>Reticulum also offers symmetric key encryption for group-oriented communications, as well as
|
||||||
unencrypted packets for local broadcast purposes.</p>
|
unencrypted packets for local broadcast purposes.</p>
|
||||||
<p>Reticulum can connect to a variety of interfaces such as radio modems, data radios and serial ports,
|
<p>Reticulum can connect to a variety of interfaces such as radio modems, data radios and serial ports,
|
||||||
|
@ -639,7 +640,7 @@ expect. Reticulum offers two ways to do this.</p>
|
||||||
<li><div class="line-block">
|
<li><div class="line-block">
|
||||||
<div class="line">A packet is always created with an associated destination and some payload data. When the packet is sent
|
<div class="line">A packet is always created with an associated destination and some payload data. When the packet is sent
|
||||||
to a <em>single</em> destination type, Reticulum will automatically create an ephemeral encryption key, perform
|
to a <em>single</em> destination type, Reticulum will automatically create an ephemeral encryption key, perform
|
||||||
an ECDH key exchange with the destination’s public key, and encrypt the information.</div>
|
an ECDH key exchange with the destination’s public key (or ratchet key, if available), and encrypt the information.</div>
|
||||||
</div>
|
</div>
|
||||||
</li>
|
</li>
|
||||||
<li><div class="line-block">
|
<li><div class="line-block">
|
||||||
|
@ -1068,10 +1069,11 @@ both on general-purpose CPUs and on microcontrollers. The necessary primitives a
|
||||||
<li><p>Ed25519 for signatures</p></li>
|
<li><p>Ed25519 for signatures</p></li>
|
||||||
<li><p>X25519 for ECDH key exchanges</p></li>
|
<li><p>X25519 for ECDH key exchanges</p></li>
|
||||||
<li><p>HKDF for key derivation</p></li>
|
<li><p>HKDF for key derivation</p></li>
|
||||||
<li><p>Fernet for encrypted tokens</p>
|
<li><p>Modified Fernet for encrypted tokens</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><p>AES-128 in CBC mode</p></li>
|
<li><p>AES-128 in CBC mode</p></li>
|
||||||
<li><p>HMAC for message authentication</p></li>
|
<li><p>HMAC for message authentication</p></li>
|
||||||
|
<li><p>No Version and Timestamp metadata included</p></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
<li><p>SHA-256</p></li>
|
<li><p>SHA-256</p></li>
|
||||||
|
|
|
@ -262,12 +262,13 @@ considered complete and stable at the moment, but could change if absolutely war
|
||||||
<li><p>Complete initiator anonymity, communicate without revealing your identity</p></li>
|
<li><p>Complete initiator anonymity, communicate without revealing your identity</p></li>
|
||||||
<li><p>Asymmetric encryption based on X25519, and Ed25519 signatures as a basis for all communication</p></li>
|
<li><p>Asymmetric encryption based on X25519, and Ed25519 signatures as a basis for all communication</p></li>
|
||||||
<li><p>Forward Secrecy by using ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519</p></li>
|
<li><p>Forward Secrecy by using ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519</p></li>
|
||||||
<li><p>Reticulum uses the <a class="reference external" href="https://github.com/fernet/spec/blob/master/Spec.md">Fernet</a> specification for on-the-wire / over-the-air encryption</p>
|
<li><p>Reticulum uses a modified version of the <a class="reference external" href="https://github.com/fernet/spec/blob/master/Spec.md">Fernet</a> specification for on-the-wire / over-the-air encryption</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><p>All keys are ephemeral and derived from an ECDH key exchange on Curve25519</p></li>
|
<li><p>Keys are ephemeral and derived from an ECDH key exchange on Curve25519</p></li>
|
||||||
<li><p>AES-128 in CBC mode with PKCS7 padding</p></li>
|
<li><p>AES-128 in CBC mode with PKCS7 padding</p></li>
|
||||||
<li><p>HMAC using SHA256 for authentication</p></li>
|
<li><p>HMAC using SHA256 for authentication</p></li>
|
||||||
<li><p>IVs are generated through os.urandom()</p></li>
|
<li><p>IVs are generated through os.urandom()</p></li>
|
||||||
|
<li><p>No Version and Timestamp metadata included</p></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
<li><p>Unforgeable packet delivery confirmations</p></li>
|
<li><p>Unforgeable packet delivery confirmations</p></li>
|
||||||
|
|
|
@ -134,10 +134,11 @@ be sufficient, even far into the future.
|
||||||
By default Reticulum encrypts all data using elliptic curve cryptography and AES. Any packet sent to a
|
By default Reticulum encrypts all data using elliptic curve cryptography and AES. Any packet sent to a
|
||||||
destination is encrypted with a per-packet derived key. Reticulum can also set up an encrypted
|
destination is encrypted with a per-packet derived key. Reticulum can also set up an encrypted
|
||||||
channel to a destination, called a *Link*. Both data sent over Links and single packets offer
|
channel to a destination, called a *Link*. Both data sent over Links and single packets offer
|
||||||
*Initiator Anonymity*, and links additionally offer *Forward Secrecy* by using an Elliptic Curve
|
*Initiator Anonymity*. Links additionally offer *Forward Secrecy* by default, employing an Elliptic Curve
|
||||||
Diffie Hellman key exchange on Curve25519 to derive per-link ephemeral keys. The multi-hop transport,
|
Diffie Hellman key exchange on Curve25519 to derive per-link ephemeral keys. Asymmetric, link-less
|
||||||
coordination, verification and reliability layers are fully autonomous and also based on elliptic
|
packet communication can also provide forward secrecy, with automatic key ratcheting, by enabling
|
||||||
curve cryptography.
|
ratchets on a per-destination basis. The multi-hop transport, coordination, verification and reliability
|
||||||
|
layers are fully autonomous and also based on elliptic curve cryptography.
|
||||||
|
|
||||||
Reticulum also offers symmetric key encryption for group-oriented communications, as well as
|
Reticulum also offers symmetric key encryption for group-oriented communications, as well as
|
||||||
unencrypted packets for local broadcast purposes.
|
unencrypted packets for local broadcast purposes.
|
||||||
|
@ -431,7 +432,7 @@ For exchanges of small amounts of information, Reticulum offers the *Packet* API
|
||||||
|
|
||||||
* | A packet is always created with an associated destination and some payload data. When the packet is sent
|
* | A packet is always created with an associated destination and some payload data. When the packet is sent
|
||||||
to a *single* destination type, Reticulum will automatically create an ephemeral encryption key, perform
|
to a *single* destination type, Reticulum will automatically create an ephemeral encryption key, perform
|
||||||
an ECDH key exchange with the destination's public key, and encrypt the information.
|
an ECDH key exchange with the destination's public key (or ratchet key, if available), and encrypt the information.
|
||||||
|
|
||||||
* | It is important to note that this key exchange does not require any network traffic. The sender already
|
* | It is important to note that this key exchange does not require any network traffic. The sender already
|
||||||
knows the public key of the destination from an earlier received *announce*, and can thus perform the ECDH
|
knows the public key of the destination from an earlier received *announce*, and can thus perform the ECDH
|
||||||
|
@ -867,12 +868,14 @@ both on general-purpose CPUs and on microcontrollers. The necessary primitives a
|
||||||
|
|
||||||
* HKDF for key derivation
|
* HKDF for key derivation
|
||||||
|
|
||||||
* Fernet for encrypted tokens
|
* Modified Fernet for encrypted tokens
|
||||||
|
|
||||||
* AES-128 in CBC mode
|
* AES-128 in CBC mode
|
||||||
|
|
||||||
* HMAC for message authentication
|
* HMAC for message authentication
|
||||||
|
|
||||||
|
* No Version and Timestamp metadata included
|
||||||
|
|
||||||
* SHA-256
|
* SHA-256
|
||||||
|
|
||||||
* SHA-512
|
* SHA-512
|
||||||
|
|
|
@ -53,9 +53,9 @@ What does Reticulum Offer?
|
||||||
|
|
||||||
* Forward Secrecy by using ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519
|
* Forward Secrecy by using ephemeral Elliptic Curve Diffie-Hellman keys on Curve25519
|
||||||
|
|
||||||
* Reticulum uses the `Fernet <https://github.com/fernet/spec/blob/master/Spec.md>`_ specification for on-the-wire / over-the-air encryption
|
* Reticulum uses a modified version of the `Fernet <https://github.com/fernet/spec/blob/master/Spec.md>`_ specification for on-the-wire / over-the-air encryption
|
||||||
|
|
||||||
* All keys are ephemeral and derived from an ECDH key exchange on Curve25519
|
* Keys are ephemeral and derived from an ECDH key exchange on Curve25519
|
||||||
|
|
||||||
* AES-128 in CBC mode with PKCS7 padding
|
* AES-128 in CBC mode with PKCS7 padding
|
||||||
|
|
||||||
|
@ -63,6 +63,8 @@ What does Reticulum Offer?
|
||||||
|
|
||||||
* IVs are generated through os.urandom()
|
* IVs are generated through os.urandom()
|
||||||
|
|
||||||
|
* No Version and Timestamp metadata included
|
||||||
|
|
||||||
* Unforgeable packet delivery confirmations
|
* Unforgeable packet delivery confirmations
|
||||||
|
|
||||||
* A variety of supported interface types
|
* A variety of supported interface types
|
||||||
|
|
Loading…
Reference in New Issue