fix: add default Public channel key to rainbow table#897
Open
Kpa-clawbot wants to merge 2 commits intomasterfrom
Open
fix: add default Public channel key to rainbow table#897Kpa-clawbot wants to merge 2 commits intomasterfrom
Kpa-clawbot wants to merge 2 commits intomasterfrom
Conversation
added 2 commits
April 23, 2026 03:37
The MeshCore default Public channel uses the well-known PSK 8b3387e9c5cdea6ac9e5edbaa115cd72 (channel hash byte 0x11), per the companion protocol spec. Without this entry, GRP_TXT messages on the default Public channel land in the rainbow lookup with no key and report decryption_failed even though the key is publicly known. Add it as 'Public' so the ingestor decrypts these messages out of the box on fresh deploys.
The MeshCore default Public channel uses well-known PSK 8b3387e9c5cdea6ac9e5edbaa115cd72 — it is part of the firmware spec, not a community-named channel. Don't rely on the rainbow JSON to ship it; bake it into a builtinChannelKeys() floor that loads before the rainbow file. Rainbow / hashChannels / explicit config can still override it (priority order preserved). This means fresh deploys decrypt default Public traffic out of the box even if channel-rainbow.json is missing or stale. Tests: - TestLoadChannelKeysBuiltinPublic: confirms Public is present with no rainbow / config. - TestLoadChannelKeysBuiltinOverridable: confirms explicit config still wins.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The MeshCore default
Publicchannel uses the well-known PSK8b3387e9c5cdea6ac9e5edbaa115cd72(channel-hash byte0x11) per the companion protocol spec.This key is missing from
channel-rainbow.jsonin the repo. As a result, the ingestor sees GRP_TXT messages on the default Public channel (the most common channel on the mesh), can't find a key for hash0x11(the only entry that hashes to 0x11 in the current rainbow is#bogota, which obviously isn't the right key), and reportsdecryption_failed. Fresh deploys see almost no decrypted public traffic.Fix
Add the well-known Public channel key to the rainbow as
"Public": "8b3387e9c5cdea6ac9e5edbaa115cd72".Verification
Matches the channel-hash byte we observe on incoming Public channel GRP_TXT packets.
Discovered via
Fresh MikroTik container deploy with no local channel additions — every Public message showed up as
decryption_failedwhile#LongFastetc decrypted fine.