PKC Direct Messaging (v2.5+)

Meshtastic v2.5 introduced Public Key Cryptography (PKC) encrypted direct messages - a significant security upgrade that makes DMs genuinely end-to-end encrypted rather than just channel-scoped.

Note on terminology: This feature is officially called "PKC Direct Messages" or "encrypted direct messages" in Meshtastic documentation. It was introduced in firmware v2.5, not v2.3 as some sources incorrectly state.

Before v2.5: How DMs Worked

Prior to v2.5, "direct messages" in Meshtastic were standard channel messages with a to field set to the recipient's node ID. Anyone on the same channel with the channel key could decrypt and read all DMs. There was no per-recipient encryption.

v2.5+: PKC Encrypted Direct Messages

From v2.5 onward, direct messages use per-node asymmetric encryption:

Key exchange: X25519 ECDH - each node has an X25519 public/private key pair
Encryption: AES-CCM - using the derived shared secret as the key
Only the intended recipient can decrypt the message - the channel key is not used
Node public keys are distributed automatically via NodeInfo packets

Backward Compatibility

If you send a PKC-encrypted DM to a node running firmware 2.4.3 or older, Meshtastic automatically falls back to the legacy channel-based method. The sender's app indicates which method is being used.

Requirements

Both sender and recipient must be running Meshtastic firmware v2.5 or later
Both nodes must have exchanged NodeInfo packets (public keys are included automatically)
Compatible with Android, iOS, and Python CLI clients that support v2.5+

Source: meshtastic.org/docs/overview/encryption/ and meshtastic.org/blog/introducing-new-public-key-cryptography-in-v2_5/. Verified 2026-05-03.

Meshtastic Protocol Overview

Meshtastic Flooding Mesh Protocol Explained

Meshtastic Node IDs, Addresses, and Naming

Meshtastic Setup Guide

Initial Node Configuration Checklist

Advanced Configuration for Infrastructure Nodes

Personal Device Roles

Infrastructure Roles: Router and Repeater

Specialized Roles

How Meshtastic Channels Work

Creating Private Channels

Built-in Telemetry Types

Monitoring Channel Utilization

Meshtastic Python CLI Guide

Complete Meshtastic CLI Command Reference

Meshtastic MQTT Setup

Building a Meshtastic Internet Gateway

MQTT Topic Structure and Packet Format

Preventing MQTT Message Loops

Meshtastic Web Interface and Remote Access

Meshtastic Module Configuration Reference

Traceroute and Path Diagnostics

Neighbor Info and Signal Mapping

Meshtastic APRS Gateway

Meshtastic Python Scripting

Home Assistant Integration via MQTT

Node-RED Flows for Mesh Automation

Meshtastic Channel Encryption

Privacy Best Practices

Understanding Channels and PSKs

Sharing Channels via QR Code

Channel Strategy for Community Networks

Reading Network Statistics in the Meshtastic App

Using the Meshtastic Python CLI for Diagnostics

Mesh Topology and Path Analysis

Common Network Problems and Solutions

Building a Meshtastic Network Map

Getting Started with the Meshtastic Python Library

Automating Meshtastic: Practical Scripts

Meshtastic Python API Reference

Telemetry Module: Device, Environment, and Power

Store and Forward Module

Range Test Module

External Notification and Canned Messages

Serial, MQTT, and Ambient Light Modules

PKC Direct Messaging (v2.5+)

Meshtastic Managed Mode and Admin Channels

Device Configuration Settings

Position Configuration Settings

Network Configuration Settings

Meshtastic Android App Overview

Meshtastic iOS App Overview

Meshtastic Web Client and Python CLI

Meshtastic Power Settings Reference

Power Configuration Settings Reference

Meshtastic LoRa Settings Reference

Choosing the Right Modem Preset

PKC Direct Messaging (v2.5+)

Before v2.5: How DMs Worked

v2.5+: PKC Encrypted Direct Messages

Backward Compatibility

Requirements