Git-Mirrors/reticulum_website
1
0
Fork 0
mirror of https://github.com/markqvist/reticulum_website.git synced 2025-04-23 17:29:16 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated github build

Browse Source
This commit is contained in:
Mark Qvist 2025-04-16 01:04:48 +02:00
parent 0cac43c332
commit ff35bb5604
5 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/manual/_sources/understanding.rst.txt
View File

@ -858,9 +858,17 @@ of the different interface modes, and how they are configured.
Cryptographic Primitives
------------------------
Reticulum has been designed to use a simple suite of efficient, strong and modern
cryptographic primitives, with widely available implementations that can be used
both on general-purpose CPUs and on microcontrollers. The necessary primitives are:
Reticulum uses a simple suite of efficient, strong and well-tested cryptographic
primitives, with widely available implementations that can be used both on
general-purpose CPUs and on microcontrollers.
One of the primary considerations for choosing this particular set of primitives is
that they can be implemented *safely* with relatively few pitfalls, on practically
all current computing platforms.
The primitives listed here **are authoritative**. Anything claiming to be Reticulum,
but not using these exact primitives **is not** Reticulum, and possibly an
intentionally compromised or weakened clone. The utilised primitives are:
* Ed25519 for signatures
@ -872,11 +880,11 @@ both on general-purpose CPUs and on microcontrollers. The necessary primitives a
* Ephemeral keys derived from an ECDH key exchange on Curve25519
* AES-128 in CBC mode with PKCS7 padding
* AES-128 or AES-256 in CBC mode with PKCS7 padding
* HMAC using SHA256 for message authentication
* IVs are generated through os.urandom()
* IVs must be generated through ``os.urandom()`` or better
* No Fernet version and timestamp metadata fields
@ -884,7 +892,7 @@ both on general-purpose CPUs and on microcontrollers. The necessary primitives a
* SHA-512
In the default installation configuration, the ``X25519``, ``Ed25519`` and ``AES-128-CBC``
In the default installation configuration, the ``X25519``, ``Ed25519``, ``AES-128-CBC`` and ``AES-256-CBC``
primitives are provided by `OpenSSL <https://www.openssl.org/>`_ (via the `PyCA/cryptography <https://github.com/pyca/cryptography>`_
package). The hashing functions ``SHA-256`` and ``SHA-512`` are provided by the standard
Python `hashlib <https://docs.python.org/3/library/hashlib.html>`_. The ``HKDF``, ``HMAC``,

2
docs/manual/_sources/whatis.rst.txt
View File

@ -68,7 +68,7 @@ What does Reticulum Offer?
* Ephemeral per-packet and link keys and derived from an ECDH key exchange on Curve25519
* AES-128 in CBC mode with PKCS7 padding
* AES-128 or AES-256 in CBC mode with PKCS7 padding
* HMAC using SHA256 for authentication

2
docs/manual/searchindex.js
View File

File diff suppressed because one or more lines are too long

18
docs/manual/understanding.html
View File

@ -1062,9 +1062,15 @@ of the different interface modes, and how they are configured.</p>
</section>
<section id="cryptographic-primitives">
<span id="understanding-primitives"></span><h3>Cryptographic Primitives<a class="headerlink" href="#cryptographic-primitives" title="Permalink to this heading">#</a></h3>
<p>Reticulum has been designed to use a simple suite of efficient, strong and modern
cryptographic primitives, with widely available implementations that can be used
both on general-purpose CPUs and on microcontrollers. The necessary primitives are:</p>
<p>Reticulum uses a simple suite of efficient, strong and well-tested cryptographic
primitives, with widely available implementations that can be used both on
general-purpose CPUs and on microcontrollers.</p>
<p>One of the primary considerations for choosing this particular set of primitives is
that they can be implemented <em>safely</em> with relatively few pitfalls, on practically
all current computing platforms.</p>
<p>The primitives listed here <strong>are authoritative</strong>. Anything claiming to be Reticulum,
but not using these exact primitives <strong>is not</strong> Reticulum, and possibly an
intentionally compromised or weakened clone. The utilised primitives are:</p>
<ul class="simple">
<li><p>Ed25519 for signatures</p></li>
<li><p>X25519 for ECDH key exchanges</p></li>
@ -1072,16 +1078,16 @@ both on general-purpose CPUs and on microcontrollers. The necessary primitives a
<li><p>Encrypted tokens are based on the Fernet spec</p>
<ul>
<li><p>Ephemeral keys derived from an ECDH key exchange on Curve25519</p></li>
<li><p>AES-128 in CBC mode with PKCS7 padding</p></li>
<li><p>AES-128 or AES-256 in CBC mode with PKCS7 padding</p></li>
<li><p>HMAC using SHA256 for message authentication</p></li>
<li><p>IVs are generated through os.urandom()</p></li>
<li><p>IVs must be generated through <code class="docutils literal notranslate"><span class="pre">os.urandom()</span></code> or better</p></li>
<li><p>No Fernet version and timestamp metadata fields</p></li>
</ul>
</li>
<li><p>SHA-256</p></li>
<li><p>SHA-512</p></li>
</ul>
<p>In the default installation configuration, the <code class="docutils literal notranslate"><span class="pre">X25519</span></code>, <code class="docutils literal notranslate"><span class="pre">Ed25519</span></code> and <code class="docutils literal notranslate"><span class="pre">AES-128-CBC</span></code>
<p>In the default installation configuration, the <code class="docutils literal notranslate"><span class="pre">X25519</span></code>, <code class="docutils literal notranslate"><span class="pre">Ed25519</span></code>, <code class="docutils literal notranslate"><span class="pre">AES-128-CBC</span></code> and <code class="docutils literal notranslate"><span class="pre">AES-256-CBC</span></code>
primitives are provided by <a class="reference external" href="https://www.openssl.org/">OpenSSL</a> (via the <a class="reference external" href="https://github.com/pyca/cryptography">PyCA/cryptography</a>
package). The hashing functions <code class="docutils literal notranslate"><span class="pre">SHA-256</span></code> and <code class="docutils literal notranslate"><span class="pre">SHA-512</span></code> are provided by the standard
Python <a class="reference external" href="https://docs.python.org/3/library/hashlib.html">hashlib</a>. The <code class="docutils literal notranslate"><span class="pre">HKDF</span></code>, <code class="docutils literal notranslate"><span class="pre">HMAC</span></code>,

2
docs/manual/whatis.html
View File

@ -279,7 +279,7 @@ considered complete and stable at the moment, but could change if absolutely war
<li><p>Reticulum uses the following format for encrypted tokens:</p>
<ul>
<li><p>Ephemeral per-packet and link keys and derived from an ECDH key exchange on Curve25519</p></li>
<li><p>AES-128 in CBC mode with PKCS7 padding</p></li>
<li><p>AES-128 or AES-256 in CBC mode with PKCS7 padding</p></li>
<li><p>HMAC using SHA256 for authentication</p></li>
<li><p>IVs are generated through os.urandom()</p></li>
</ul>