Message Authenticator

Free and Open Source under the terms of the MIT License

Last updated 2/15/2025. Thank you to all who helped, you can find them in the changelog!

Introduction Video

More Videos

• A video showing how to work with msgauth and JS8Call
  
• A video about msgauth keys

Overview

Many emergency communication groups exercise regularly, and have operators who are skilled and invested. In spite of this, and no matter how well trained the group is, there will always be external interference risks. One of these risks is an impostor pretending to be a known operator; in digital it's about the easiest type of bad actor interference one could expect to encounter.

Message Authenticator is an extremely basic application that offers a solution to the problem of authentication. Without encoding, encrypting, or obscuring any messages sent over the air, it provides a mechanism for ensuring with reasonable surety that important messages do in fact originate from the station claiming to have sent them.

How Does it Work?

Many are familiar with the decades old technology of the Cyclic Redundancy Check (CRC), which allows two sides of a data exchange to ensure the integrity of the communication. JS8Call uses a standard type CRC to validate several built-in interactions, including MSGs and other requests. This works exceptionally well, without adding a lot of communication overhead, but it relies on a public algorithm that both sides have; it was never intended as a security measure, only an assurance that the data passed correctly.

Message Authenticator adds to this idea in a simple way, through the use of a key that both sides keep secure, combined with common secure hashing algorithims used to generate a CRC. The CRC is based on the source station, target station, message, an optional datecode, a key, and two sha256 hashes. The final CRC is then sent along with the plaintext message (which includes the to/from and optional datecode if used), and validated for authenticity on the receiving side. The signed messages can be transmitted via any means, not only via radio (sms, voice, data, etc).

Documentation

There is no manual, only the readme.

Message Authenticator Features

• Sign messages before transmitting them
• Validate messages after receiving them
• An optional datecode to increase security
• Works with voice, digital, SMS, or any mode for message transmission
• That's all you get
• Changelog - View changes per build.

Download Latest

You may download the latest build of Message Authenticator below. It is installer-free and may be run directly after the zip file is extracted.

Links

• Tips, Tricks and Information, SITREPNET
• Excellent practice and training resources!
• View older versions of Message Authenticator

Notes

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Virus scanning note: You should always scan every program you download with a reputable virus scanner. I scan all posted files with VirusTotal.com, which uses ALL of the major virus scanning engines.

Support: I'm more than happy to offer my help, time permitting. My email is current on QRZ, feel free to reach out with any specific questions.

Find me on the air on 40m/30m/20m JS8Call, and on local 2m repeaters from time to time. Contact me via email if you'd like to connect on another band or mode.

• Email on QRZ
• QTH is Fulton, MO EM48at
• Privacy Policy