mirror of
https://github.com/markqvist/Reticulum.git
synced 2025-07-02 18:36:50 -04:00
Updated docs
parent
8b13d6e08b
commit
17bbb9c0b4
9 changed files with 15 additions and 14 deletions
Binary file not shown.
Binary file not shown.
|
@ -453,7 +453,7 @@ For exchanges of small amounts of information, Reticulum offers the *Packet* API
|
|||
public signing key.
|
||||
|
||||
* | In case the packet is addressed to a *group* destination type, the packet will be encrypted with the
|
||||
pre-shared AES-128 key associated with the destination. In case the packet is addressed to a *plain*
|
||||
pre-shared AES-256 key associated with the destination. In case the packet is addressed to a *plain*
|
||||
destination type, the payload data will not be encrypted. Neither of these two destination types can offer
|
||||
forward secrecy. In general, it is recommended to always use the *single* destination type, unless it is
|
||||
strictly necessary to use one of the others.
|
||||
|
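Review bot: The group-destination sentence now says "pre-shared AES-256 key", but nothing in this paragraph tells an operator what to do with a group key that was provisioned while the text still said AES-128. Suggest adding one sentence on the expected key length and on whether existing group destinations need their pre-shared key regenerated and redistributed.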
@ -880,7 +880,7 @@ intentionally compromised or weakened clone. The utilised primitives are:
|
|||
|
||||
* Ephemeral keys derived from an ECDH key exchange on Curve25519
|
||||
|
||||
* AES-128 or AES-256 in CBC mode with PKCS7 padding
|
||||
* AES-256 in CBC mode with PKCS7 padding
|
||||
|
||||
* HMAC using SHA256 for message authentication
|
||||
|
||||
|
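Review bot: Replacing "AES-128 or AES-256 in CBC mode with PKCS7 padding" with "AES-256 in CBC mode with PKCS7 padding" leaves it open whether AES-128 tokens are still accepted on receive or rejected outright. This list is the reference for the utilised primitives, so it should say which, and from which release, so that peers on older versions and independent implementations know what to expect.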
@ -892,7 +892,7 @@ intentionally compromised or weakened clone. The utilised primitives are:
|
|||
|
||||
* SHA-512
|
||||
|
||||
In the default installation configuration, the ``X25519``, ``Ed25519``, ``AES-128-CBC`` and ``AES-256-CBC``
|
||||
In the default installation configuration, the ``X25519``, ``Ed25519`` and ``AES-256-CBC``
|
||||
primitives are provided by `OpenSSL <https://www.openssl.org/>`_ (via the `PyCA/cryptography <https://github.com/pyca/cryptography>`_
|
||||
package). The hashing functions ``SHA-256`` and ``SHA-512`` are provided by the standard
|
||||
Python `hashlib <https://docs.python.org/3/library/hashlib.html>`_. The ``HKDF``, ``HMAC``,
|
||||
|
|
|
@ -68,7 +68,7 @@ What does Reticulum Offer?
|
|||
|
||||
* Ephemeral per-packet and link keys and derived from an ECDH key exchange on Curve25519
|
||||
|
||||
* AES-128 or AES-256 in CBC mode with PKCS7 padding
|
||||
* AES-256 in CBC mode with PKCS7 padding
|
||||
|
||||
* HMAC using SHA256 for authentication
|
||||
|
||||
|
|
|
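Review bot: The context line directly above the changed bullet still reads "Ephemeral per-packet and link keys and derived from an ECDH key exchange on Curve25519", with a stray "and" before "derived". Since this commit already touches the list, fix it here to "keys derived from", matching the wording used in the other primitives list ("Ephemeral keys derived from an ECDH key exchange on Curve25519").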
@ -1610,8 +1610,8 @@ the link has been established.</p>
|
|||
<span id="example-request"></span><h2>Requests & Responses<a class="headerlink" href="#requests-responses" title="Permalink to this heading">#</a></h2>
|
||||
<p>The <em>Request</em> example explores sending requests and receiving responses.</p>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1">##########################################################</span>
|
||||
<span class="c1"># This RNS example demonstrates how to set perform #</span>
|
||||
<span class="c1"># requests and receive responses over a link. #</span>
|
||||
<span class="c1"># This RNS example demonstrates how to perform requests #</span>
|
||||
<span class="c1"># and receive responses over a link. #</span>
|
||||
<span class="c1">##########################################################</span>
|
||||
|
||||
<span class="kn">import</span><span class="w"> </span><span class="nn">os</span>
|
||||
|
|
|
@ -817,7 +817,7 @@ proofs should be returned for received packets.</p>
|
|||
|
||||
<dl class="py method">
|
||||
<dt class="sig sig-object py" id="RNS.Destination.register_request_handler">
|
||||
<span class="sig-name descname"><span class="pre">register_request_handler</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">path</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">response_generator</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">allow</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">ALLOW_NONE</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">allowed_list</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Destination.register_request_handler" title="Permalink to this definition">#</a></dt>
|
||||
<span class="sig-name descname"><span class="pre">register_request_handler</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">path</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">response_generator</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">allow</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">ALLOW_NONE</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">allowed_list</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">auto_compress</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">True</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Destination.register_request_handler" title="Permalink to this definition">#</a></dt>
|
||||
<dd><p>Registers a request handler.</p>
|
||||
<dl class="field-list simple">
|
||||
<dt class="field-odd">Parameters<span class="colon">:</span></dt>
|
||||
|
@ -826,6 +826,7 @@ proofs should be returned for received packets.</p>
|
|||
<li><p><strong>response_generator</strong> – A function or method with the signature <em>response_generator(path, data, request_id, link_id, remote_identity, requested_at)</em> to be called. Whatever this funcion returns will be sent as a response to the requester. If the function returns <code class="docutils literal notranslate"><span class="pre">None</span></code>, no response will be sent.</p></li>
|
||||
<li><p><strong>allow</strong> – One of <code class="docutils literal notranslate"><span class="pre">RNS.Destination.ALLOW_NONE</span></code>, <code class="docutils literal notranslate"><span class="pre">RNS.Destination.ALLOW_ALL</span></code> or <code class="docutils literal notranslate"><span class="pre">RNS.Destination.ALLOW_LIST</span></code>. If <code class="docutils literal notranslate"><span class="pre">RNS.Destination.ALLOW_LIST</span></code> is set, the request handler will only respond to requests for identified peers in the supplied list.</p></li>
|
||||
<li><p><strong>allowed_list</strong> – A list of <em>bytes-like</em> <a class="reference internal" href="#api-identity"><span class="std std-ref">RNS.Identity</span></a> hashes.</p></li>
|
||||
<li><p><strong>auto_compress</strong> – If <code class="docutils literal notranslate"><span class="pre">True</span></code> or <code class="docutils literal notranslate"><span class="pre">False</span></code>, determines whether automatic compression of responses should be carried out. If set to an integer value, responses will only be auto-compressed if under this size in bytes. If omitted, the default compression settings will be followed.</p></li>
|
||||
</ul>
|
||||
</dd>
|
||||
<dt class="field-even">Raises<span class="colon">:</span></dt>
|
||||
|
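Review bot: The new auto_compress entry ends with "If omitted, the default compression settings will be followed", but the signature in the hunk above gives the parameter a default of True, so omitting it and passing True look identical to the callee and the text does not say how they differ. Suggest stating what True means relative to the default settings, and whether the integer form is a limit on the size before or after compression. It would also help to say when a handler should pass False, for example when a response combines secret data with requester-supplied data and the compressed length could reveal something about the secret. The context line for response_generator also has a typo: "funcion".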
@ -1015,9 +1016,9 @@ they are addressed to a <code class="docutils literal notranslate"><span class="
|
|||
<code class="docutils literal notranslate"><span class="pre">RNS.Destination.GROUP</span></code> destination or a <a class="reference internal" href="#api-link"><span class="std std-ref">RNS.Link</span></a>.</p>
|
||||
<p>For <code class="docutils literal notranslate"><span class="pre">RNS.Destination.GROUP</span></code> destinations, Reticulum will use the
|
||||
pre-shared key configured for the destination. All packets to group
|
||||
destinations are encrypted with the same AES-128 key.</p>
|
||||
destinations are encrypted with the same AES-256 key.</p>
|
||||
<p>For <code class="docutils literal notranslate"><span class="pre">RNS.Destination.SINGLE</span></code> destinations, Reticulum will use a newly
|
||||
derived ephemeral AES-128 key for every packet.</p>
|
||||
derived ephemeral AES-256 key for every packet.</p>
|
||||
<p>For <a class="reference internal" href="#api-link"><span class="std std-ref">RNS.Link</span></a> destinations, Reticulum will use per-link
|
||||
ephemeral keys, and offers <strong>Forward Secrecy</strong>.</p>
|
||||
<dl class="field-list simple">
|
||||
|
|
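Review bot: The GROUP paragraph states that all packets are "encrypted with the same AES-256 key" without the caveat that this destination type cannot offer forward secrecy, while the Link paragraph below explicitly advertises Forward Secrecy. The larger key does not change that property, so suggest repeating the caveat here, and stating for SINGLE whether the newly derived per-packet key provides it.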
File diff suppressed because one or more lines are too long
|
@ -673,7 +673,7 @@ public signing key.</div>
|
|||
</li>
|
||||
<li><div class="line-block">
|
||||
<div class="line">In case the packet is addressed to a <em>group</em> destination type, the packet will be encrypted with the
|
||||
pre-shared AES-128 key associated with the destination. In case the packet is addressed to a <em>plain</em>
|
||||
pre-shared AES-256 key associated with the destination. In case the packet is addressed to a <em>plain</em>
|
||||
destination type, the payload data will not be encrypted. Neither of these two destination types can offer
|
||||
forward secrecy. In general, it is recommended to always use the <em>single</em> destination type, unless it is
|
||||
strictly necessary to use one of the others.</div>
|
||||
|
@ -1078,7 +1078,7 @@ intentionally compromised or weakened clone. The utilised primitives are:</p>
|
|||
<li><p>Encrypted tokens are based on the Fernet spec</p>
|
||||
<ul>
|
||||
<li><p>Ephemeral keys derived from an ECDH key exchange on Curve25519</p></li>
|
||||
<li><p>AES-128 or AES-256 in CBC mode with PKCS7 padding</p></li>
|
||||
<li><p>AES-256 in CBC mode with PKCS7 padding</p></li>
|
||||
<li><p>HMAC using SHA256 for message authentication</p></li>
|
||||
<li><p>IVs must be generated through <code class="docutils literal notranslate"><span class="pre">os.urandom()</span></code> or better</p></li>
|
||||
<li><p>No Fernet version and timestamp metadata fields</p></li>
|
||||
|
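Review bot: The parent bullet says "Encrypted tokens are based on the Fernet spec", and Fernet specifies AES-128-CBC, so with this change the cipher key size becomes another deviation from that spec. The list already records one deviation ("No Fernet version and timestamp metadata fields"); suggest adding the key size next to it so nobody assumes a stock Fernet implementation can read these tokens.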
@ -1087,7 +1087,7 @@ intentionally compromised or weakened clone. The utilised primitives are:</p>
|
|||
<li><p>SHA-256</p></li>
|
||||
<li><p>SHA-512</p></li>
|
||||
</ul>
|
||||
<p>In the default installation configuration, the <code class="docutils literal notranslate"><span class="pre">X25519</span></code>, <code class="docutils literal notranslate"><span class="pre">Ed25519</span></code>, <code class="docutils literal notranslate"><span class="pre">AES-128-CBC</span></code> and <code class="docutils literal notranslate"><span class="pre">AES-256-CBC</span></code>
|
||||
<p>In the default installation configuration, the <code class="docutils literal notranslate"><span class="pre">X25519</span></code>, <code class="docutils literal notranslate"><span class="pre">Ed25519</span></code> and <code class="docutils literal notranslate"><span class="pre">AES-256-CBC</span></code>
|
||||
primitives are provided by <a class="reference external" href="https://www.openssl.org/">OpenSSL</a> (via the <a class="reference external" href="https://github.com/pyca/cryptography">PyCA/cryptography</a>
|
||||
package). The hashing functions <code class="docutils literal notranslate"><span class="pre">SHA-256</span></code> and <code class="docutils literal notranslate"><span class="pre">SHA-512</span></code> are provided by the standard
|
||||
Python <a class="reference external" href="https://docs.python.org/3/library/hashlib.html">hashlib</a>. The <code class="docutils literal notranslate"><span class="pre">HKDF</span></code>, <code class="docutils literal notranslate"><span class="pre">HMAC</span></code>,
|
||||
|
|
|
@ -279,7 +279,7 @@ considered complete and stable at the moment, but could change if absolutely war
|
|||
<li><p>Reticulum uses the following format for encrypted tokens:</p>
|
||||
<ul>
|
||||
<li><p>Ephemeral per-packet and link keys and derived from an ECDH key exchange on Curve25519</p></li>
|
||||
<li><p>AES-128 or AES-256 in CBC mode with PKCS7 padding</p></li>
|
||||
<li><p>AES-256 in CBC mode with PKCS7 padding</p></li>
|
||||
<li><p>HMAC using SHA256 for authentication</p></li>
|
||||
<li><p>IVs are generated through os.urandom()</p></li>
|
||||
</ul>
|
||||
|
|