About Encryption

After flashing the hAP, this message will appear only once:

This node is not yet configured.
Go to the setup page and set your node name and password.
Click Save Changes, even if you didn't make any changes, then the node will reboot.


This device can be configured to either permit or prohibit known encrypted traffic on its RF link. It is up to the user to decide which is appropriate based on how it will be used and the license under which it will be operated. These rules vary by country, frequency, and intended use. You are encouraged to read and understand these rules before going further.

This device is pre-configured with no restrictions as to the type of data being passed.

Follow these steps if you wish to prohibit known encrypted traffic on the RF link. These instructions will disappear, so copy them for your reference:

  1. Setup your node name and password as instructed at the top of this page
  2. After you Save Changes allow your node to reboot
  3. Return to the Node Status page and navigate to Setup > Administration
  4. Obtain the blockknownencryption package from the AREDN™ website OR refresh the Package list (node must be connected to the internet)
  5. Install the blockknownencryption package by uploading it or choosing it from the package drop-down list
  6. Wait until the package installs and then reboot your node

Section 47 (b) of the Radiocommunication Regulations stipulates that:

47 A person who operates radio apparatus in the amateur radio service may only:

(b) use a code or cipher that is not secret

  • Unencrypted data uses a code that is not secret so it's not a problem
  • but encrypted data uses ciphers that are secret, so it's not allowed.

To ensure that no encrypted data is transmitted on the air, ensure that you do not allow other mesh nodes to your your WAN. This setting is in the Advanced Configuration:

Note that this might block ssh over RF but not over LAN. However, Telnet can be used over RF as it is not encrypted.