Channel Database β
The Channel Database feature allows MeshMonitor to store additional channel configurations beyond your device's 8 channel slots. These stored channels can be used for server-side packet decryption, enabling you to monitor encrypted traffic from channels you're not actively participating in.
Overview β
Meshtastic devices are limited to 8 channel slots, but mesh networks often have many more channels in use. The Channel Database solves this limitation by:
- Storing unlimited channel configurations - Save channel name and PSK combinations in MeshMonitor's database
- Server-side decryption - Automatically decrypt incoming encrypted packets using stored channel keys
- Read-only access - View decrypted message content without transmit capability
- Retroactive processing - When adding a new channel, MeshMonitor processes historical encrypted packets
Read-Only Feature
The Channel Database provides read-only decryption capability. You can view decrypted content but cannot send messages on database-stored channels. To transmit, you must have the channel configured on your connected Meshtastic device.
Accessing the Channel Database β
The Channel Database is located in the Configuration tab under Channel Database.
Permissions Required β
- Admin users can manage all database channels (add, edit, delete)
- Non-admin users need explicit permissions to view decrypted content from specific channels
Adding a Channel β
- Navigate to Configuration > Channel Database
- Click Add Channel
- Enter the channel details:
- Name - A descriptive name for the channel
- PSK - The Pre-Shared Key (Base64 encoded)
- Description (optional) - Notes about the channel's purpose
- Click Save
PSK Format
Enter the PSK in Base64 format, the same format used by Meshtastic. You can find channel PSKs in your device's channel configuration or exported settings.
How Server-Side Decryption Works β
When MeshMonitor receives an encrypted packet:
- The packet is first processed by your connected Meshtastic node
- If your node can decrypt it (channel is in device slots), you see the decrypted content
- If your node cannot decrypt it, MeshMonitor tries each enabled Channel Database entry
- On successful decryption, the packet content is decoded and displayed
- The Packet Monitor shows a special indicator for server-decrypted packets
Decryption Indicators in Packet Monitor β
| Icon | Meaning |
|---|---|
| Green unlock | Decrypted by your Meshtastic node |
| Blue key | Decrypted by MeshMonitor (Channel Database) |
| Red lock | Encrypted (no matching key found) |
Retroactive Processing β
When you add a new channel to the database, MeshMonitor automatically processes historical encrypted packets:
- Scans the packet log for encrypted packets
- Attempts decryption with the new channel's PSK
- Updates successfully decrypted packets with their content
- Shows progress during processing
This means you can add a channel key and immediately see historical messages that were previously unreadable.
Security Considerations β
Protect Your Channel Keys
Channel PSKs are stored in MeshMonitor's database. Ensure your MeshMonitor instance is properly secured:
- Use strong authentication
- Enable HTTPS in production
- Restrict admin access
- Regular backups include channel keys
Permission Model β
The Channel Database uses a permission system to control access:
- Admins have full access to all database channels
- Non-admin users must be granted explicit read permission per channel
- Permissions are managed in the Admin tab
Managing Channels β
Enabling/Disabling Channels β
Toggle channels on or off without deleting them. Disabled channels are not used for decryption but remain in the database.
Editing Channels β
Update the name, PSK, or description of existing channels. Changed PSKs will affect future decryption and can trigger retroactive processing.
Deleting Channels β
Remove channels you no longer need. This does not affect already-decrypted packets in the log.
Channel Statistics β
Each channel entry shows:
- Decrypted packet count - How many packets have been decrypted using this channel
- Last decrypted - Timestamp of the most recent decryption
- Status - Enabled or disabled
Use Cases β
Monitoring Multiple Communities β
If your mesh spans multiple communities with different channels, store all channel keys to monitor traffic across the entire network.
Security Auditing β
Network administrators can use the Channel Database to audit traffic patterns across all channels without configuring each one on their device.
Historical Analysis β
Add channel keys later to decrypt historical traffic that was captured but not readable at the time.
Channel Key Recovery β
If you have backup channel configurations, import them into the Channel Database to restore monitoring capability.
API Access β
The Channel Database is accessible via the V1 API:
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/channel-database | List all channels (filtered by permission) |
| GET | /api/v1/channel-database/:id | Get specific channel |
| POST | /api/v1/channel-database | Create new channel (admin only) |
| PUT | /api/v1/channel-database/:id | Update channel (admin only) |
| DELETE | /api/v1/channel-database/:id | Delete channel (admin only) |
Limitations β
- No transmit capability - Database channels are read-only
- Requires encrypted packets to be captured - Your node must receive the packets first
- AES decryption only - Standard Meshtastic encryption (AES-128-CTR or AES-256-CTR)
- Performance - Very large numbers of channels may impact packet processing speed
Troubleshooting β
Packets Not Decrypting β
- Verify the PSK is correct and in Base64 format
- Check that the channel is enabled in the database
- Ensure your node is receiving the encrypted packets
- Verify you have permission to view the channel
Missing Historical Packets β
Retroactive processing only works on packets stored in the packet log. If packet logging was disabled or packets were purged, they cannot be recovered.
Performance Issues β
If packet processing becomes slow:
- Disable unused channels
- Reduce the number of enabled database channels
- Consider purging old packet log entries