MeshCore Packet Format and Encryption

This page covers MeshCore's packet encryption as verified from docs/packet_format.md and src/Utils.cpp in the official MeshCore repository.

Encryption at the Packet Level

Each message is protected by AES-128 encryption followed by a 2-byte HMAC-SHA256 MAC:

[Cleartext header] [AES-128 ECB encrypted payload] [2-byte HMAC-SHA256 MAC]

Packet Structure Overview

MeshCore packets are compact binary structures optimized for LoRa's low-data-rate radio. A typical data packet contains:

  • Source and destination node IDs: 8-byte public keys identifying the communicating nodes.
  • Sequence number: used for deduplication and replay prevention.
  • Hop count / TTL: limits how far the packet can travel.
  • Payload type indicator: identifies the type of content (text, position, route control, etc.).
  • Encrypted payload: the actual message content, opaque to relay nodes.
  • Message Authentication Code (MAC): provides integrity verification; a corrupted or forged packet is rejected.

Route Types

Packets carry one of four route types (from packet_format.md):

  • ROUTE_TYPE_FLOOD: broadcast to all repeaters; used for initial contact and group messages
  • ROUTE_TYPE_DIRECT: embeds a specific repeater path; only listed repeaters forward the packet
  • ROUTE_TYPE_TRANSPORT_FLOOD: flood with transport/region code prefix
  • ROUTE_TYPE_TRANSPORT_DIRECT: direct-routed with transport/region code

Encryption

MeshCore uses AES-256-CTR (Counter Mode) for payload encryption. The encryption key is derived from the sender's private key and recipient's public key using Elliptic Curve Diffie-Hellman (ECDH). Key properties of this design:

  • Each message pair (A→B, A→C) uses a different derived key — compromise of one conversation does not affect others.
  • Relay nodes forward ciphertext — they cannot read message content.
  • An eavesdropper capturing RF traffic sees only encrypted data.
  • No separate PSK to distribute — security is rooted in node key pairs generated at first boot.

Public Key Infrastructure

Each MeshCore node generates a unique X25519 key pair on first boot. The public key serves as the node's identity (node ID). There is no central key server — the public key is distributed organically through RREQ/RREP packets and advertisement broadcasts as nodes interact with the mesh.

Message Integrity

AES-256-CTR combined with a GMAC-style MAC provides both confidentiality and integrity. A forged or corrupted packet is detected and discarded before processing.

Group / Channel Messages

Channel-level broadcast messages (not point-to-point) use a channel key derived from the channel name and a PSK, similar to Meshtastic's approach. All nodes configured with the same channel key can read channel broadcasts.

Path Learning (How Direct Routing Works)

MeshCore uses a flood-then-direct-route mechanism (not AODV RREQ/RREP):

  1. First message to a new destination is flood-routed
  2. The destination node returns a PAYLOAD_TYPE_PATH packet containing the full repeater path it received the message through
  3. The sender stores this path and uses ROUTE_TYPE_DIRECT for subsequent messages, embedding the learned path
  4. Only the specific repeaters in the path forward the packet — all others ignore it

This mechanism reduces channel load significantly compared to pure flooding once paths are established.

Source: docs/packet_format.md and src/Utils.cpp in the official MeshCore repository. Verified 2026-05-03.

Key Comparison with Meshtastic

| Aspect | MeshCore | Meshtastic |
|---|---|---|
| Direct message encryption | ECDH key agreement per node pair (AES-256-CTR) | PKI-based end-to-end (firmware 2.3+) |
| Channel broadcast encryption | PSK derived from channel name + secret | Shared PSK per channel |
| Key distribution | Automatic via node advertisements | Manual channel key sharing |
| Relay node visibility | Cannot read direct message content | Cannot read content (encrypted in transit) |

MeshCore's ECDH approach is more complex but stronger for direct messages — each pair of nodes has a unique shared secret. Meshtastic's shared PSK model is simpler to manage but means any node with the channel key can read all channel traffic.