Encryption - Default vs Random PSK

Thanks to the Meshtastic team - very important comms contribution, especially these days. Will look for donate link.

Question: After digging into the documentation, it seems that when one sets up a network using all default settings, the encryption used is using a public key that anyone can obtain. Is this correct? Is it AES256, just with a public key?

In order to have a strong, private key, you need to set ‘Random PSK’ using the ‘Device Settings’ in the Meshtastic Flasher GUI (in my case). Is this correct?

I have three devices, and set ‘Random PSK’ on each one, clicked ‘Save’, set a Master Device to create the network, and then scanned the QR Code with the other two devices - all three are communicating perfectly… What happens if I want to add a friend in the field with no access to device settings, and he can’t set ‘Random PSK’?

Thanks, trying to get a handle on how to make MT as secure as possible.

Well, you mentioned in another post being from .mil - so how is it solved there? You need some means to change default settings unless your default settings in fw are the right ones. This opens up another can of worms with stolen fw.

From the iOS or the Android App you can generate a QR code, which will contain your network settings, secret key etc. This code can then either be scanned directly from an already connected smartphone, or be forwarded from the Android App in different ways, for example by e-mail.

I believe this should also be possible with the Meshtastic program for Linux/MacOS/Windows, but I haven’t tried it personally so I can’t confirm the functionality for this.
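An added example (not code from this thread or from the Meshtastic project) showing what such a shared link actually carries: it builds a channel URL with a freshly generated random PSK, decodes it back, and classifies the key so a link someone hands you can be checked for the public default before joining. It assumes the Meshtastic protobuf layout (ChannelSet.settings = field 1; ChannelSettings.psk = 2, name = 3), the `https://meshtastic.org/e/#` + base64url link format, and the firmware's rule that a 1-byte psk is an index into built-in public keys while 16 or 32 bytes is a full AES key; check these against the client version you run.

```python
import base64, secrets
URL_PREFIX = "https://meshtastic.org/e/#"  # assumption: the client's channel-link prefix

def _varint(n):  # protobuf base-128 varint
    out = b""
    while n > 0x7F: out += bytes([n & 0x7F | 0x80]); n >>= 7
    return out + bytes([n])

def _ld(field, payload):  # length-delimited protobuf field (wire type 2)
    return _varint(field << 3 | 2) + _varint(len(payload)) + payload

def _read_varint(buf, i):
    n = shift = 0
    while buf[i] & 0x80:
        n |= (buf[i] & 0x7F) << shift; shift += 7; i += 1
    return n | (buf[i] << shift), i + 1

def _fields(buf):  # yield (field_number, wire_type, value) for each field in buf
    i = 0
    while i < len(buf):
        tag, i = _read_varint(buf, i)
        field, wtype = tag >> 3, tag & 7
        if wtype == 0: val, i = _read_varint(buf, i)    # varint, e.g. uplink_enabled
        elif wtype == 5: val, i = buf[i:i + 4], i + 4   # fixed32, e.g. channel id
        elif wtype == 2:                                # bytes/string/nested message
            n, i = _read_varint(buf, i); val, i = buf[i:i + n], i + n
        else: raise ValueError(f"unexpected wire type {wtype}")
        yield field, wtype, val

def random_psk():  # a fresh CSPRNG key; 32 bytes is read by the firmware as AES-256
    return secrets.token_bytes(32)

def encode_channel_url(name, psk):  # ChannelSet.settings(1) -> {psk(2), name(3)}, assumed
    settings = _ld(2, psk) + _ld(3, name.encode())
    return URL_PREFIX + base64.urlsafe_b64encode(_ld(1, settings)).decode().rstrip("=")

def decode_channel_url(url):  # returns [{"name": ..., "psk": ...}] for each channel
    b64 = url.split("#", 1)[1]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # restore padding
    chans = []
    for field, wtype, val in _fields(raw):
        if field == 1 and wtype == 2:  # one ChannelSettings message
            ch = {f: v for f, w, v in _fields(val) if w == 2}
            chans.append({"name": ch.get(3, b"").decode(), "psk": ch.get(2, b"")})
    return chans

def psk_strength(psk):  # classify the key the way the firmware reads its length
    if psk in (b"", b"\x00"): return "none"
    if len(psk) == 1: return "default-simple-key"  # index into built-in, public keys
    return {16: "aes128", 32: "aes256"}.get(len(psk), "invalid")
```

Run `psk_strength` on each entry of `decode_channel_url(link)` for a link you received; anything other than "aes128" or "aes256" means the channel is not using a private key.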

My MOS wasn’t in Commo, and I left AD in '02 - not much encryption going on at the Squad/Platoon level back then.

That makes sense - the master device (that created the network) embeds the new ‘Random PSK’ in the QR Code… and all the others have it once they scan it or open a link. Thanks.