API Reference

This reference guide lists and explains all classes exposed by the RNS API.

Classes

Communication over a Reticulum network is achieved using a set of classes exposed by RNS.

Reticulum

class RNS.Reticulum(configdir=None, loglevel=None, logdest=None)

This class is used to initialise access to Reticulum within a program. You must create exactly one instance of this class before carrying out any other RNS operations, such as creating destinations or sending traffic. Every independently executed program must create their own instance of the Reticulum class, but Reticulum will automatically handle inter-program communication on the same system, and expose all connected programs to external interfaces as well.

As soon as an instance of this class is created, Reticulum will start opening and configuring any hardware devices specified in the supplied configuration.

Currently the first running instance must be kept running while other local instances are connected, as the first created instance will act as a master instance that directly communicates with external hardware such as modems, TNCs and radios. If a master instance is asked to exit, it will not exit until all client processes have terminated (unless killed forcibly).

If you are running Reticulum on a system with several different programs that use RNS starting and terminating at different times, it will be advantageous to run a master RNS instance as a daemon for other programs to use on demand.

MTU = 500

The MTU that Reticulum adheres to, and will expect other peers to adhere to. By default, the MTU is 507 bytes. In custom RNS network implementations, it is possible to change this value, but doing so will completely break compatibility with all other RNS networks. An identical MTU is a prerequisite for peers to communicate in the same network.

Unless you really know what you are doing, the MTU should be left at the default value.

ANNOUNCE_CAP = 2

The maximum percentage of interface bandwidth that, at any given time, may be used to propagate announces. If an announce was scheduled for broadcasting on an interface, but doing so would exceed the allowed bandwidth allocation, the announce will be queued for transmission when there is bandwidth available.

Reticulum will always prioritise propagating announces with fewer hops, ensuring that distant, large networks with many peers on fast links don’t overwhelm the capacity of smaller networks on slower mediums. If an announce remains queued for an extended amount of time, it will eventually be dropped.

This value will be applied by default to all created interfaces, but it can be configured individually on a per-interface basis.

static should_use_implicit_proof()

Returns whether proofs sent are explicit or implicit.

Returns:

True if the current running configuration specifies to use implicit proofs. False if not.

static transport_enabled()

Returns whether Transport is enabled for the running instance.

When Transport is enabled, Reticulum will route traffic for other peers, respond to path requests and pass announces over the network.

Returns:

True if Transport is enabled, False if not.

Identity

class RNS.Identity(create_keys=True)

This class is used to manage identities in Reticulum. It provides methods for encryption, decryption, signatures and verification, and is the basis for all encrypted communication over Reticulum networks.

Parameters:

create_keys – Specifies whether new encryption and signing keys should be generated.

CURVE = 'Curve25519'

The curve used for Elliptic Curve DH key exchanges

KEYSIZE = 512

X25519 key size in bits. A complete key is the concatenation of a 256 bit encryption key, and a 256 bit signing key.

TRUNCATED_HASHLENGTH = 128

Constant specifying the truncated hash length (in bits) used by Reticulum for addressable hashes and other purposes. Non-configurable.

static recall(destination_hash)

Recall identity for a destination hash.

Parameters:

destination_hash – Destination hash as bytes.

Returns:

An RNS.Identity instance that can be used to create an outgoing RNS.Destination, or None if the destination is unknown.

static recall_app_data(destination_hash)

Recall last heard app_data for a destination hash.

Parameters:

destination_hash – Destination hash as bytes.

Returns:

Bytes containing app_data, or None if the destination is unknown.

static full_hash(data)

Get a SHA-256 hash of passed data.

Parameters:

data – Data to be hashed as bytes.

Returns:

SHA-256 hash as bytes

static truncated_hash(data)

Get a truncated SHA-256 hash of passed data.

Parameters:

data – Data to be hashed as bytes.

Returns:

Truncated SHA-256 hash as bytes

static get_random_hash()

Get a random SHA-256 hash.

Parameters:

data – Data to be hashed as bytes.

Returns:

Truncated SHA-256 hash of random data as bytes

static from_bytes(prv_bytes)

Create a new RNS.Identity instance from bytes of private key. Can be used to load previously created and saved identities into Reticulum.

Parameters:

prv_bytes – The bytes of private a saved private key. HAZARD! Never use this to generate a new key by feeding random data in prv_bytes.

Returns:

A RNS.Identity instance, or None if the bytes data was invalid.

static from_file(path)

Create a new RNS.Identity instance from a file. Can be used to load previously created and saved identities into Reticulum.

Parameters:

path – The full path to the saved RNS.Identity data

Returns:

A RNS.Identity instance, or None if the loaded data was invalid.

to_file(path)

Saves the identity to a file. This will write the private key to disk, and anyone with access to this file will be able to decrypt all communication for the identity. Be very careful with this method.

Parameters:

path – The full path specifying where to save the identity.

Returns:

True if the file was saved, otherwise False.

get_private_key()
Returns:

The private key as bytes

get_public_key()
Returns:

The public key as bytes

load_private_key(prv_bytes)

Load a private key into the instance.

Parameters:

prv_bytes – The private key as bytes.

Returns:

True if the key was loaded, otherwise False.

load_public_key(pub_bytes)

Load a public key into the instance.

Parameters:

pub_bytes – The public key as bytes.

Returns:

True if the key was loaded, otherwise False.

encrypt(plaintext)

Encrypts information for the identity.

Parameters:

plaintext – The plaintext to be encrypted as bytes.

Returns:

Ciphertext token as bytes.

Raises:

KeyError if the instance does not hold a public key.

decrypt(ciphertext_token)

Decrypts information for the identity.

Parameters:

ciphertext – The ciphertext to be decrypted as bytes.

Returns:

Plaintext as bytes, or None if decryption fails.

Raises:

KeyError if the instance does not hold a private key.

sign(message)

Signs information by the identity.

Parameters:

message – The message to be signed as bytes.

Returns:

Signature as bytes.

Raises:

KeyError if the instance does not hold a private key.

validate(signature, message)

Validates the signature of a signed message.

Parameters:
  • signature – The signature to be validated as bytes.

  • message – The message to be validated as bytes.

Returns:

True if the signature is valid, otherwise False.

Raises:

KeyError if the instance does not hold a public key.

Destination

class RNS.Destination(identity, direction, type, app_name, *aspects)

A class used to describe endpoints in a Reticulum Network. Destination instances are used both to create outgoing and incoming endpoints. The destination type will decide if encryption, and what type, is used in communication with the endpoint. A destination can also announce its presence on the network, which will also distribute necessary keys for encrypted communication with it.

Parameters:
  • identity – An instance of RNS.Identity. Can hold only public keys for an outgoing destination, or holding private keys for an ingoing.

  • directionRNS.Destination.IN or RNS.Destination.OUT.

  • typeRNS.Destination.SINGLE, RNS.Destination.GROUP or RNS.Destination.PLAIN.

  • app_name – A string specifying the app name.

  • *aspects – Any non-zero number of string arguments.

static full_name(app_name, *aspects)
Returns:

A string containing the full human-readable name of the destination, for an app_name and a number of aspects.

static app_and_aspects_from_name(full_name)
Returns:

A tuple containing the app name and a list of aspects, for a full-name string.

static hash_from_name_and_identity(full_name, identity)
Returns:

A destination name in adressable hash form, for a full name string and Identity instance.

static hash(app_name, *aspects)
Returns:

A destination name in adressable hash form, for an app_name and a number of aspects.

announce(app_data=None, path_response=False)

Creates an announce packet for this destination and broadcasts it on all relevant interfaces. Application specific data can be added to the announce.

Parameters:
  • app_databytes containing the app_data.

  • path_response – Internal flag used by RNS.Transport. Ignore.

Set or query whether the destination accepts incoming link requests.

Parameters:

accepts – If True or False, this method sets whether the destination accepts incoming link requests. If not provided or None, the method returns whether the destination currently accepts link requests.

Returns:

True or False depending on whether the destination accepts incoming link requests, if the accepts parameter is not provided or None.

Registers a function to be called when a link has been established to this destination.

Parameters:

callback – A function or method with the signature callback(link) to be called when a new link is established with this destination.

set_packet_callback(callback)

Registers a function to be called when a packet has been received by this destination.

Parameters:

callback – A function or method with the signature callback(data, packet) to be called when this destination receives a packet.

set_proof_requested_callback(callback)

Registers a function to be called when a proof has been requested for a packet sent to this destination. Allows control over when and if proofs should be returned for received packets.

Parameters:

callback – A function or method to with the signature callback(packet) be called when a packet that requests a proof is received. The callback must return one of True or False. If the callback returns True, a proof will be sent. If it returns False, a proof will not be sent.

set_proof_strategy(proof_strategy)

Sets the destinations proof strategy.

Parameters:

proof_strategy – One of RNS.Destination.PROVE_NONE, RNS.Destination.PROVE_ALL or RNS.Destination.PROVE_APP. If RNS.Destination.PROVE_APP is set, the proof_requested_callback will be called to determine whether a proof should be sent or not.

register_request_handler(path, response_generator=None, allow=0, allowed_list=None)

Registers a request handler.

Parameters:
  • path – The path for the request handler to be registered.

  • response_generator – A function or method with the signature response_generator(path, data, request_id, remote_identity, requested_at) to be called. Whatever this funcion returns will be sent as a response to the requester. If the function returns None, no response will be sent.

  • allow – One of RNS.Destination.ALLOW_NONE, RNS.Destination.ALLOW_ALL or RNS.Destination.ALLOW_LIST. If RNS.Destination.ALLOW_LIST is set, the request handler will only respond to requests for identified peers in the supplied list.

  • allowed_list – A list of bytes-like RNS.Identity hashes.

Raises:

ValueError if any of the supplied arguments are invalid.

deregister_request_handler(path)

Deregisters a request handler.

Parameters:

path – The path for the request handler to be deregistered.

Returns:

True if the handler was deregistered, otherwise False.

create_keys()

For a RNS.Destination.GROUP type destination, creates a new symmetric key.

Raises:

TypeError if called on an incompatible type of destination.

get_private_key()

For a RNS.Destination.GROUP type destination, returns the symmetric private key.

Raises:

TypeError if called on an incompatible type of destination.

load_private_key(key)

For a RNS.Destination.GROUP type destination, loads a symmetric private key.

Parameters:

key – A bytes-like containing the symmetric key.

Raises:

TypeError if called on an incompatible type of destination.

encrypt(plaintext)

Encrypts information for RNS.Destination.SINGLE or RNS.Destination.GROUP type destination.

Parameters:

plaintext – A bytes-like containing the plaintext to be encrypted.

Raises:

ValueError if destination does not hold a necessary key for encryption.

decrypt(ciphertext)

Decrypts information for RNS.Destination.SINGLE or RNS.Destination.GROUP type destination.

Parameters:

ciphertextBytes containing the ciphertext to be decrypted.

Raises:

ValueError if destination does not hold a necessary key for decryption.

sign(message)

Signs information for RNS.Destination.SINGLE type destination.

Parameters:

messageBytes containing the message to be signed.

Returns:

A bytes-like containing the message signature, or None if the destination could not sign the message.

set_default_app_data(app_data=None)

Sets the default app_data for the destination. If set, the default app_data will be included in every announce sent by the destination, unless other app_data is specified in the announce method.

Parameters:

app_data – A bytes-like containing the default app_data, or a callable returning a bytes-like containing the app_data.

clear_default_app_data()

Clears default app_data previously set for the destination.

Packet

class RNS.Packet(destination, data, create_receipt=True)

The Packet class is used to create packet instances that can be sent over a Reticulum network. Packets to will automatically be encrypted if they are adressed to a RNS.Destination.SINGLE destination, RNS.Destination.GROUP destination or a RNS.Link.

For RNS.Destination.GROUP destinations, Reticulum will use the pre-shared key configured for the destination. All packets to group destinations are encrypted with the same AES-128 key.

For RNS.Destination.SINGLE destinations, Reticulum will use a newly derived ephemeral AES-128 key for every packet.

For RNS.Link destinations, Reticulum will use per-link ephemeral keys, and offers Forward Secrecy.

Parameters:
  • destination – A RNS.Destination instance to which the packet will be sent.

  • data – The data payload to be included in the packet as bytes.

  • create_receipt – Specifies whether a RNS.PacketReceipt should be created when instantiating the packet.

ENCRYPTED_MDU = 383

The maximum size of the payload data in a single encrypted packet

PLAIN_MDU = 464

The maximum size of the payload data in a single unencrypted packet

send()

Sends the packet.

Returns:

A RNS.PacketReceipt instance if create_receipt was set to True when the packet was instantiated, if not returns None. If the packet could not be sent False is returned.

resend()

Re-sends the packet.

Returns:

A RNS.PacketReceipt instance if create_receipt was set to True when the packet was instantiated, if not returns None. If the packet could not be sent False is returned.

Packet Receipt

class RNS.PacketReceipt

The PacketReceipt class is used to receive notifications about RNS.Packet instances sent over the network. Instances of this class are never created manually, but always returned from the send() method of a RNS.Packet instance.

get_status()
Returns:

The status of the associated RNS.Packet instance. Can be one of RNS.PacketReceipt.SENT, RNS.PacketReceipt.DELIVERED, RNS.PacketReceipt.FAILED or RNS.PacketReceipt.CULLED.

get_rtt()
Returns:

The round-trip-time in seconds

set_timeout(timeout)

Sets a timeout in seconds

Parameters:

timeout – The timeout in seconds.

set_delivery_callback(callback)

Sets a function that gets called if a successfull delivery has been proven.

Parameters:

callback – A callable with the signature callback(packet_receipt)

set_timeout_callback(callback)

Sets a function that gets called if the delivery times out.

Parameters:

callback – A callable with the signature callback(packet_receipt)

Request Receipt

class RNS.RequestReceipt

An instance of this class is returned by the request method of RNS.Link instances. It should never be instantiated manually. It provides methods to check status, response time and response data when the request concludes.

get_request_id()
Returns:

The request ID as bytes.

get_status()
Returns:

The current status of the request, one of RNS.RequestReceipt.FAILED, RNS.RequestReceipt.SENT, RNS.RequestReceipt.DELIVERED, RNS.RequestReceipt.READY.

get_progress()
Returns:

The progress of a response being received as a float between 0.0 and 1.0.

get_response()
Returns:

The response as bytes if it is ready, otherwise None.

get_response_time()
Returns:

The response time of the request in seconds.

Resource

class RNS.Resource(data, link, advertise=True, auto_compress=True, callback=None, progress_callback=None, timeout=None)

The Resource class allows transferring arbitrary amounts of data over a link. It will automatically handle sequencing, compression, coordination and checksumming.

Parameters:
  • data – The data to be transferred. Can be bytes or an open file handle. See the Filetransfer Example for details.

  • link – The RNS.Link instance on which to transfer the data.

  • advertise – Optional. Whether to automatically advertise the resource. Can be True or False.

  • auto_compress – Optional. Whether to auto-compress the resource. Can be True or False.

  • callback – An optional callable with the signature callback(resource). Will be called when the resource transfer concludes.

  • progress_callback – An optional callable with the signature callback(resource). Will be called whenever the resource transfer progress is updated.

advertise()

Advertise the resource. If the other end of the link accepts the resource advertisement it will begin transferring.

cancel()

Cancels transferring the resource.

get_progress()
Returns:

The current progress of the resource transfer as a float between 0.0 and 1.0.

get_transfer_size()
Returns:

The number of bytes needed to transfer the resource.

get_data_size()
Returns:

The total data size of the resource.

get_parts()
Returns:

The number of parts the resource will be transferred in.

get_segments()
Returns:

The number of segments the resource is divided into.

get_hash()
Returns:

The hash of the resource.

is_compressed()
Returns:

Whether the resource is compressed.

Transport

class RNS.Transport

Through static methods of this class you can interact with the Transport system of Reticulum.

PATHFINDER_M = 128

Maximum amount of hops that Reticulum will transport a packet.

static register_announce_handler(handler)

Registers an announce handler.

Parameters:

handler – Must be an object with an aspect_filter attribute and a received_announce(destination_hash, announced_identity, app_data) callable. See the Announce Example for more info.

static deregister_announce_handler(handler)

Deregisters an announce handler.

Parameters:

handler – The announce handler to be deregistered.

static has_path(destination_hash)
Parameters:

destination_hash – A destination hash as bytes.

Returns:

True if a path to the destination is known, otherwise False.

static hops_to(destination_hash)
Parameters:

destination_hash – A destination hash as bytes.

Returns:

The number of hops to the specified destination, or RNS.Transport.PATHFINDER_M if the number of hops is unknown.

static next_hop(destination_hash)
Parameters:

destination_hash – A destination hash as bytes.

Returns:

The destination hash as bytes for the next hop to the specified destination, or None if the next hop is unknown.

static next_hop_interface(destination_hash)
Parameters:

destination_hash – A destination hash as bytes.

Returns:

The interface for the next hop to the specified destination, or None if the interface is unknown.

static request_path(destination_hash, on_interface=None, tag=None, recursive=False)

Requests a path to the destination from the network. If another reachable peer on the network knows a path, it will announce it.

Parameters:
  • destination_hash – A destination hash as bytes.

  • on_interface – If specified, the path request will only be sent on this interface. In normal use, Reticulum handles this automatically, and this parameter should not be used.