# Message Authenticator v0.5_020625. Visit https://kf7mix.com/ for information
# Special thanks to KD0QYN, KN4AM, and everyone else who contributed
#
# MIT License, Copyright 2025 Joseph D Lyman KF7MIX --- Permission is hereby granted,  free of charge, to any person obtaining a copy of this software and associated documentation files
# (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.  The Software IS PROVIDED "AS IS",  WITHOUT WARRANTY OF ANY KIND,  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
# WARRANTIES  OF  MERCHANTABILITY,  FITNESS OR A PARTICULAR PURPOSE AND  NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,  DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Readme

Message Authenticator is a very simple piece of software that enables amateur radio operators to
validate the integrity and authenticity of a message transmitted over the air. Please read the
included PDF file named "Authenticating Radio Messages" for more detailed information. This readme
provides a brief overview of the method, along with instructions on how to use the software.

## Overview

At times, you may wish to have reasonable assurance that the message you're receiving is being
received correctly, and that it was in fact sent by the reported sender. You can do this by
exchanging a "code word" off the air (in the form of a codeplug that modifies an algorithm), and
using it to validate your messages manually.

## Installation

1. Download and unpack the software in the location where you'd like to use it.
2. Edit the msgauth.cfg file with a text editor.
    * The first line is the theme style, light or dark
    * The second line is your callsign
    * The third line is your default codeplug (see below)
    * You may optionally add additional codeplugs, one per line

## Creating a Codeplug

The codeplug is in this format: <+ or -><00-99>, repeated at least 10 times. An example codeplug
would be: +03-12+94+00-42+28-07-98+55+18

Your codeplug(s) should be unique, random, and should not contain well know sequences, numbers in
order, dates, phone numbers, or anything else that could be easily guessed.

Never send your codeplug over the air; in order for it to be secure, it should be communicated in a
secure or at least semi-secure way. In-person, SMS, telephone, or email are all suitable methods.

## Using the Application

The application is split into three parts: a common entry area at the top, and two tabs at the
bottom. One tab is for signing a message, and one is for validating a signed message.

    To sign a message: Enter all of the information, select a codeplug, and click "Sign". The output
    included is formatted to work well with JS8Call, but will work with any program or even with
    voice comms. The formatted message output will be automatically copied to your clipboard.

    To validate a message: Select the codeplug associated with the source station. Enter the message
    plus target and source, exactly as received. Enter the CRC in the box provided. Click "Validate"
    to see if the CRC passes. If it fails, make sure that your message is typed properly, no extra
    spaces, etc.

## Things to Consider

* You may use a codeplug shorter than 10 segments (for example, +24+01+42 is a valid codeplug).
  However, the shorter the codeplug, the easier it will be to crack.
* You may use a codeplug longer than 10 segments, but remember that for short messages this will
  not make a difference, and longer codeplugs may be more cumbersome to share and manage.
* Using groups of codeplugs of unknown lengths (greater than 10), and alternating based on custom
  criteria (day of the week, day of the month, etc.) may greatly increase surety.
* Sending many short signed messages between the same two stations is not a secure behavior.
* Codeplugs should be modified regularly, and the frequency based on how often they are used on the
  public airwaves.
* Consider keeping separate codeplugs for exercises and real situations.

