v0.0.1

Pre-release

@github-actions github-actions released this 23 Jun 17:34

Cryptspeak v0.0.1 — Independent Release Line

This is the first release under Cryptspeak's own versioning. Starting now,
this fork follows its own release cadence and version numbers, decoupled
from upstream ratspeak/rsCardputer's numbering and the old "-CE" tag suffix.

All prior releases on this fork (v2.0.0-CE, v2.0.1-CE) have been removed.
They predate this independent line, one of them shipped before a critical
security fix (see below), and both were early beta snapshots. If you're
running either, upgrade.

Security

  • Critical: Ed25519 signature verification bypass. Upstream microReticulum
    had a signature-verification bug that could allow identity spoofing. Fixed
    here first by switching to an emergency fork (0x00001312/microReticulum)
    ahead of upstream, then switched back to ratspeak/microReticulum once
    upstream shipped an equivalent fix (commit 3ddf3c3). v2.0.0-CE predates
    this fix and was vulnerable — this is the main reason it's been removed
    rather than left up.

Encryption: full at-rest coverage

The original Crypto Edition work added:

  • Identity: PBKDF2-HMAC-SHA256 (65,536 iterations) password-derived key
    wrapping the Reticulum identity private key, AES-256-CTR + HMAC-SHA256,
    constant-time MAC verification before decrypt.
  • Messages: at-rest encryption keyed via HKDF-SHA256 from the identity's
    private key, same AES-256-CTR + HMAC-SHA256 construction.
  • VeraCrypt-style password gate at boot, with lockout after 10 wrong
    attempts per power cycle, and automatic migration of any pre-existing
    plaintext identity/messages.

This release closes the two gaps that remained:

  • Contacts (saved names + the name cache) — previously plaintext JSON,
    now encrypted with the same construction, keyed independently so a
    contacts key can't decrypt messages or vice versa.
  • Device settings (WiFi AP/STA passwords, TCP hub addresses, radio
    config, display name) — same gap, same fix.

Both new domains share a generalized AtRestCrypto engine rather than
duplicating the crypto three times over, and migrate automatically and
immediately on first boot once the identity is unlocked — no prompt needed,
since both datasets are small. This also fixes a latent bug where the
settings NVS backup used putString/getString, which silently truncates
on embedded NUL bytes that an encrypted blob can legitimately contain.
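
The truncation bug described above, as an added example that is not the project's code: a hypothetical `KvStore` mock writes the same constructed 64-byte blob through a strlen-based string write and through a length-carrying write, and also computes how often a random blob contains a 0x00 byte.

```cpp
// Added illustration: KvStore is a hypothetical backup store, not a real NVS API.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <map>
#include <string>
#include <vector>

using Blob = std::vector<uint8_t>;
struct KvStore {
    std::map<std::string, Blob> slots;
    // String-style write: strlen() sets the length, so data ends at the first 0x00.
    void put_string(const std::string& key, const char* value) {
        slots[key] = Blob(value, value + std::strlen(value));
    }
    // Length-carrying write: the caller states the size; 0x00 is just data.
    void put_bytes(const std::string& key, const uint8_t* value, size_t len) {
        slots[key] = Blob(value, value + len);
    }
};

// Constructed sample: 16-byte nonce, 16 bytes ciphertext, 32-byte tag; byte 20 is 0x00.
Blob sample_blob() {
    Blob b(64);
    for (size_t i = 0; i < b.size(); ++i) b[i] = static_cast<uint8_t>(0xA0 + i);
    b[20] = 0x00;
    return b;
}

// Write the backup, then check the stored copy is byte-identical. The string
// path is only safe to call on a blob that contains a 0x00, as the sample does.
bool backup_roundtrip_ok(KvStore& s, const Blob& blob, bool use_string_api) {
    if (use_string_api)
        s.put_string("settings", reinterpret_cast<const char*>(blob.data()));
    else
        s.put_bytes("settings", blob.data(), blob.size());
    return s.slots["settings"] == blob;
}

// Chance that an n-byte uniformly random blob contains at least one 0x00.
double nul_probability(size_t n) { return 1.0 - std::pow(255.0 / 256.0, double(n)); }

int main() {
    KvStore s;
    std::printf("string API intact: %d\n", backup_roundtrip_ok(s, sample_blob(), true));
    std::printf("bytes API intact:  %d\n", backup_roundtrip_ok(s, sample_blob(), false));
    std::printf("P(NUL in 64 bytes) = %.3f\n", nul_probability(64));
}
```

The string path keeps only the 20 bytes before the NUL, so the MAC tag at the end of the blob is lost and a restore from that backup cannot authenticate.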

Full design write-up, including the threat model: docs/.

Branding

Product is now Cryptspeak on-device (boot screen, name-input, settings)
and in the README, with rsCardputer-CE kept as the underlying codebase
name. Network defaults (TCP hub seeds, WiFi AP password) and internal
storage paths are unchanged — those are functional, not cosmetic.

Also included

  • RNode: hardened SX1262 host-reconnect handling (setModulationParams/
    setPacketParams now force standby before applying radio parameters —
    the chip silently ignores those opcodes outside standby).
  • Build workflow and Makefile refactored for this fork's own CI.

Credits

Full diff since fork point: https://github.com/0x00001312/rsCardputer-CE/compare/1b85b670...v0.0.1