Skip to main content

MeshCore Packet Format and Encryption

MeshCore Packet Format and Encryption

Packet Structure Overview

MeshCore packets are compact binary structures optimized for LoRa's low-data-rate radio. A typical data packet contains:

  • Source and destination node IDs — 8-byte public keys identifying the communicating nodes.
  • Sequence number — used for deduplication and replay prevention.
  • Hop count / TTL — limits how far the packet can travel.
  • Payload type indicator — identifies the type of content (text, position, route control, etc.).
  • Encrypted payload — the actual message content, opaque to relay nodes.
  • Message Authentication Code (MAC) — provides integrity verification; a corrupted or forged packet is rejected.

Encryption

MeshCore uses AES-256-CTR (Counter Mode) for payload encryption. The encryption key is derived from the sender's private key and recipient's public key using Elliptic Curve Diffie-Hellman (ECDH). Key properties of this design:

  • Each message pair (A→B, A→C) uses a different derived key — compromise of one conversation does not affect others.
  • Relay nodes forward ciphertext — they cannot read message content.
  • An eavesdropper capturing RF traffic sees only encrypted data.
  • No separate PSK to distribute — security is rooted in node key pairs generated at first boot.

Public Key Infrastructure

Each MeshCore node generates a unique X25519 key pair on first boot. The public key serves as the node's identity (node ID). There is no central key server — the public key is distributed organically through RREQ/RREP packets and advertisement broadcasts as nodes interact with the mesh.

Message Integrity

AES-256-CTR combined with a GMAC-style MAC provides both confidentiality and integrity. A forged or corrupted packet is detected and discarded before processing.

Group / Channel Messages

Channel-level broadcast messages (not point-to-point) use a channel key derived from the channel name and a PSK, similar to Meshtastic's approach. All nodes configured with the same channel key can read channel broadcasts.

Key Comparison with Meshtastic

AspectMeshCoreMeshtastic
Direct message encryption ECDH key agreement per node pair (AES-256-CTR) PKI-based end-to-end (firmware 2.3+)
Channel broadcast encryption PSK derived from channel name + secret Shared PSK per channel
Key distribution Automatic via node advertisements Manual channel key sharing
Relay node visibility Cannot read direct message content Cannot read content (encrypted in transit)

MeshCore's ECDH approach is more complex but stronger for direct messages — each pair of nodes has a unique shared secret. Meshtastic's shared PSK model is simpler to manage but means any node with the channel key can read all channel traffic.

Back to top