<p>LXMF is a simple and flexible messaging format that allows a wide variety of implementations, while using as little bandwidth as possible. It is built on top of <ahref="https://github.com/markqvist/reticulum">Reticulum</a> and offers zero-conf message routing, end-to-end encryption and Perfect Forward Secrecy by default.</p>
<p>LXMF messages are stored in a simple and efficient format, that's easy to parse and write.</p>
<h5>
<aid="user-content-the-format-follows-this-general-structure"class="anchor"href="#the-format-follows-this-general-structure"aria-hidden="true"><spanaria-hidden="true"class="octicon octicon-link"></span></a>The format follows this general structure:</h5>
<aid="user-content-and-these-rules"class="anchor"href="#and-these-rules"aria-hidden="true"><spanaria-hidden="true"class="octicon octicon-link"></span></a>And these rules:</h5>
<ol>
<li>
<p>A LXMF message is identified by it's <strong>message-id</strong>, which is a SHA-256 hash of the <strong>Destination</strong>, <strong>Source</strong> and <strong>Payload</strong>. The message-id is never included directly in the message, since it can always be inferred from the message itself.</p>
<p>In some cases the actual message-id cannot be inferred, for example when a Propagation Node is storing an encrypted message for an offline user. In theses cases a <em>transient-id</em> is used to identify the message while in storage or transit.</p>
</li>
<li>
<p><strong>Destination</strong>, <strong>Source</strong>, <strong>Signature</strong> and <strong>Payload</strong> parts are mandatory, as is the <strong>Timestamp</strong> part of the payload.</p>
<ul>
<li>The <strong>Destination</strong> and <strong>Source</strong> fields are Reticulum destination hashes</li>
<li>The <strong>Signature</strong> field is a RSA signature of the <strong>Destination</strong>, <strong>Source</strong>, <strong>Payload</strong> and <strong>message-id</strong>
</li>
<li>The <strong>Payload</strong> part is a list containing four items:
<p>The <strong>Content</strong>, <strong>Title</strong> and <strong>Fields</strong> parts must be included in the message structure, but can be left empty.</p>
<p>LXMF offers flexibility to implement many different messaging schemes, ranging from human communication to machine control and sensor monitoring. Here's a few examples:</p>
<ul>
<li>
<p>A messaging system for passing short, simple messages between human users, akin to SMS can be implemented using only the <strong>Content</strong> field, and leaving all other optional fields empty.</p>
</li>
<li>
<p>For sending full-size mail, an email-like system can be implemented using the <strong>Title</strong> and <strong>Content</strong> fields to store "subject" and "body" parts of the message, and optionally the <strong>Fields</strong> part can be used to store attachments or other metadata.</p>
</li>
<li>
<p>Machine-control messages or sensor readings can be implemented using command structures embedded in the <strong>Fields</strong> dictionary.</p>
</li>
<li>
<p>Distributed discussion or news-groups, akin to USENET or similar systems, can be implemented using the relevant fields and LXMF Propagation Nodes. Broadcast bulletins can be implemented in a similar fashion.</p>
<p>LXM Propagation Nodes offer a way to store and forward messages to users or endpoints that are not directly reachable at the time of message emission. Propagation Nodes can also provide infrastructure for distributed bulletin, news or discussion boards.</p>
<p>The LXM Router handles transporting messages over a Reticulum network, managing delivery receipts, outbound and inbound queues, and is the point of API interaction for client programs. The LXM Router also implements functionality for acting as an LXMF Propagation Node.</p>
<p>Programatically, using the LXM Router to send a message is as simple as:</p>
<spanclass="pl-s1">message</span><spanclass="pl-c1">=</span><spanclass="pl-v">LXMF</span>.<spanclass="pl-v">LXMessage</span>(<spanclass="pl-s1">destination</span>, <spanclass="pl-s1">source</span>, <spanclass="pl-s">"This is a short, simple message."</span>)
<p>The LXM Router then handles the heavy lifting, such as message packing, encryption, delivery confirmation, path lookup, routing, retries and failure notifications.</p>
<p>LXMF uses encryption provided by <ahref="https://github.com/markqvist/reticulum">Reticulum</a>, and thus uses end-to-end encryption by default. The delivery method of a message will influence which transport encryption scheme is used.</p>
<ul>
<li>
<p>A message can be delivered opportunistically, embedded in a single Reticulum packet. In this cases the message will be opportunistically routed through the network, and use <em>RSA-1024</em> asymmetric encryption.</p>
</li>
<li>
<p>If a message is delivered to the Reticulum GROUP destination type, the message will be transported using <em>AES-128</em> encryption.</p>
<p>If a message is delivered over a Reticulum link (which is the default method), the message will be encrypted with <em>ephemeral</em> keys derived with <em>ECDH</em> on the <em>SECP256R1</em> curve. This mode offers Perfect Forward Secrecy.</p>
<aid="user-content-wire-format--overhead"class="anchor"href="#wire-format--overhead"aria-hidden="true"><spanaria-hidden="true"class="octicon octicon-link"></span></a>Wire Format & Overhead</h2>
<p>Assuming the default Reticulum configuration, the binary wire-format is as follows:</p>
<ul>
<li>10 bytes destination hash</li>
<li>10 bytes source hash</li>
<li>128 bytes RSA signature</li>
<li>Remaining bytes of <ahref="https://msgpack.org"rel="nofollow">msgpack</a> payload data, in accordance with the structure defined above</li>
</ul>
<p>The complete message overhead for LXMF is only 163 bytes, which in return gives you timestamped, digitally signed, infinitely extensible, end-to-end encrypted, zero-conf routed, minimal-infrastructure messaging that's easy to use and build applications with.</p>
<p>As with Reticulum, LXMF is alpha software, and should be considered experimental. While it has been built with cryptography best-practices very foremost in mind, it <em>has not</em> been externally security audited, and there could very well be privacy-breaking bugs. If you want to help out, or help sponsor an audit, please do get in touch.</p>
