#Subject: Help with LoRa security/safety

My current plan is to add some sort of UUID/header to all of my messages, and therefore the only person that could mess things up is if someone repeated my message... which I think is possibly illegal but could happen (that's what mesh networks do I guess).

A UUID or custom header is probably your best bet, perhaps do a custom handshake at boot time to negotiate the host/client connection between your two nodes.

Another option would be to use Meshtastic (https://meshtastic.org/docs/introduction/). However, as there's currently no direct support for CircuitPython, you'll want to connect a separate Meshtastic node and make use of https://meshtastic.org/docs/configuration/module/serial/

There is a core module for aesio https://docs.circuitpython.org/en/latest/shared-bindings/aesio/ You may be able to use this to encrypt/decrypt your payload - If you are using the RadioHead compatible header (in adafruit_rfm9x) then you will have to keep the 4 byte header outside the encrypted payload. With the adafruit_rfm library, you can can disable the RadioHead header. You may want to consider using the Radiohead header and "reliable datagram" mode so that you can avoid missing packets due to interference from other transmitters. You still should be able to encrypt your payload. Which LoRa Feather are you using?

The Radio Head Header is automatically prepended to the packet so if you create and encrypt a data payload, then you should jet be able to send it and decrypt on the received end.

aesio is not supported for the feather_m0_rfm9 board but it is for the RP2040_RFM board so it depends what you are using. On the Pi, I am not sure, but hopefully the aesio encryption is compatible with the AES encryption library for python... Note: I have not tried using it myself -- adding it to my "todo" list 😉

Thanks all. I'll poke at all these recommendations. I'm using the rp2040 feather right now with the lora feather wing (purchased right before the integrated rp2040 LoRa feather was announced).

FYI - I was able to exchange encrypted packets between a Feather RP2040 RFM95 and a Pi with an rfm9x bonnet using the basic aesio eaxmple for AES_ECB mode (limited to 16 bytes per encryption buffer) On the Pi I used the pycryptodomex library. I was not able to wrap my head around "nonce" usage to get the AES_CTR mode working.... As already suggested, I agree that a custom header with an ID would be sufficient to avoid accidental interference. If you are concerned about malicious interference, I suggest finding a better group of people to play with 😉 -- bottom line. AES encryption is "possible" and if you are fluent in AES-speak (I am not) then it may be worth pursuing but I think there are simpler solutions to your problem. The RadioHead header provides for node addressing as well as the Reliable datagram mode. It is supported by the adafruit_rfm9x and adafruit_rfm libraries. You can easily set your modules to reject any messages not addressed to them (256 addresses).

ECB might be okay for this application, definitely recommend something like CTR or even something like CBC