Description
Implement the authenticated-plaintext licensed/ham-mode design from meshtastic/design#122 as a separate follow-up to the packet authenticity policy stack.
Licensed traffic must remain unencrypted and readable on air, while publishing an identity public key and carrying verifiable XEdDSA signatures on signable broadcast and directed packets.
Required changes
- Allow identity key generation/restoration for licensed users without enabling PKI encryption.
- Stop stripping
User.public_key from licensed NodeInfo.
- Use the normal key-derived
NodeNum = crc32(public_key) identity and migration path.
- Sign all locally originated licensed, non-PKI
Data packets that fit, including plaintext unicast/direct messages.
- Keep channel PSKs removed, the admin channel disabled, and
shouldUsePkiEncryption() false for licensed traffic.
- Preserve callsign fields and existing licensed rebroadcast restrictions.
- Update the packet-policy warnings/tests so verified licensed traffic works in Strict.
Safety and compatibility
- Existing licensed nodes without keys will undergo a one-time NodeNum migration. Preserve valid keys and warn/document the impact.
- A signature provides origin/integrity authentication, not confidentiality. Direct-message payloads must remain plaintext on the wire.
- A signed callsign-bearing NodeInfo self-binds that label to a key; it does not validate the amateur licence or replace required station identification.
- Operators remain responsible for local licence conditions and permitted modes.
Acceptance criteria
- Licensed NodeInfo publishes a 32-byte public key and verifies through first-contact identity binding.
- Licensed broadcast and directed packets are signed whenever the encoded
Data fits.
- Packet captures demonstrate that licensed direct-message payloads are not PKI- or channel-encrypted.
- Strict accepts verified licensed traffic and rejects unsigned/invalid/unverifiable licensed traffic.
- PKI encryption is unreachable for licensed senders even when keys are available.
- Tests cover licensed-mode entry/exit, identity migration, key preservation/regeneration, all relevant portnums/destinations, oversized packets, and plaintext wire semantics.
- Draft PR remains unmerged until representative hardware capture and cross-version testing are recorded.
Dependencies
Description
Implement the authenticated-plaintext licensed/ham-mode design from meshtastic/design#122 as a separate follow-up to the packet authenticity policy stack.
Licensed traffic must remain unencrypted and readable on air, while publishing an identity public key and carrying verifiable XEdDSA signatures on signable broadcast and directed packets.
Required changes
User.public_keyfrom licensed NodeInfo.NodeNum = crc32(public_key)identity and migration path.Datapackets that fit, including plaintext unicast/direct messages.shouldUsePkiEncryption()false for licensed traffic.Safety and compatibility
Acceptance criteria
Datafits.Dependencies