LXMF identity in NomadNet identify

[faragher]

Is there any way to request the LXMF identity from the Identity in NomadNet or use the LXMF address to identify? Right now the lack of ability to communicate with an identified user of LXMF is hampering messageboard utility.

[markqvist]

You can calculate the LXMF address from the specified RNS Identity. The nomadnet client uses a single identity for both LXMF and browsing pages, so you can do what you want. But the identity hash you get on the server side is the actual identity hash before it is exanded into any destination address.

You can explore stuff like this with the included rnid utility. Here, I am just using a newly generated nomadnet identity to look at:

$ rnid -i /tmp/nomadnet/storage/identity -H lxmf.delivery

[2023-07-09 16:06:50] Loaded Identity <2cc20b9429c522e232710372dd5b7c47> from /tmp/nomadnet/storage/identity
[2023-07-09 16:06:50] The lxmf.delivery destination for this Identity is <c5e3842981456a23fc3332edc6056474>
[2023-07-09 16:06:50] The full destination specifier is <lxmf.delivery.2cc20b9429c522e232710372dd5b7c47/c5e3842981456a23fc3332edc6056474>

As we can see, the identity hash for this identity is 2cc20b9429c522e232710372dd5b7c47. When that identity creates an LXMF address (with the lxmf.delivery aspects), the corresponding destination hash (address) will be c5e3842981456a23fc3332edc6056474.

You can do this programatically in several ways. One way is to simply create an outgoing destination with the identity and aspects you want, and retrieve the destination hash:

destination = RNS.Destination(identity, RNS.Destination.OUT, RNS.Destination.SINGLE, app_name, *aspects)
RNS.log("The "+str(args.hash)+" destination for this Identity is "+RNS.prettyhexrep(destination.hash))
RNS.log("The full destination specifier is "+str(destination))

Or, you can use the hash_from_name_and_identity() API function:

import RNS
identity = RNS.Identity.from_file("/tmp/nomadnet/storage/identity")
readable_destination_hash = RNS.prettyhexrep(RNS.Destination.hash_from_name_and_identity("lxmf.delivery", identity))
print(readable_destination_hash)

Results in:

<c5e3842981456a23fc3332edc6056474>

Hope that helps!

[faragher]

I have attempted to do so (and looked into Identity.from_bytes) and had no success. I think the solution you provided is based on having the identity on the machine. I was looking into doing this server side, where NomadNet only exposes the remote_identity environment variable, which is a (truncated?) hash. Is it possible to reconstruct from that?

[markqvist]

Ah, yeah of course, I didn't think about the fact that you are doing this from inside a micron page being served by the nomadnet node!

But still, you can do it (provided that your micron page is being generated with python). You get the identity hash of the client passed as an environment variable, and you can then just use the Identity.recall() API call to get an Identity instance (instead of loading it from the disk). This will always work if your local Reticulum instance has at some point in time heard an announce from a destination associated with that identity:

import RNS
r = RNS.Reticulum()
identity_hash = bytes.fromhex("c5e3842981456a23fc3332edc6056474")
identity = RNS.Identity.recall(identity_hash)

>>> identity
<RNS.Identity.Identity object at 0x7fa4b1bbce90>

>>> RNS.prettyhexrep(identity.hash)
'<2cc20b9429c522e232710372dd5b7c47>'

If your micron pages are not being generated by a python program, you could just interact with the rnid utility via the command line, or write a small wrapper script that your own program can call to look up the LXMF address for a given identity hash.

[faragher]

It provides an address, but it doesn't match the address expected. I don't know if this is my issue, or something in Reticulum.

From the Local Peer Info:

LXMF Addr : <f5a7233c612acb393f1c273b5b0366bc>
Identity  : <3de97d02f70f67612bcbfc2d32fa7da2>

From the Micron/Python implementation:

Identity: 3de97d02f70f67612bcbfc2d32fa7da2
LXMF:    <9497d16c52ac5faec04c36db5c301e8e>

And my code implenetation:

    print("Identity "+ID_hex)
    identity_hash = bytes.fromhex(ID_hex)
    ID = RNS.Identity.recall(identity_hash)
    LXMF_hex = RNS.prettyhexrep(RNS.Destination.hash_from_name_and_identity("lxmf.delivery",ID))
    print("Expanded LXMF address "+LXMF_hex)

Where ID_hex is a string containing the identity hash in question.

Am I missing something?

[markqvist]

You're right! This actually will not always work! This is a pretty stupid situation, and we can solve it much more easily.

I just added the ability for the hashing function to take raw bytes input, instead of having to use an instantiated Identity.

As of ae28f04, you can use something like this one-liner:

RNS.prettyhexrep(RNS.Destination.hash_from_name_and_identity("lxmf.delivery", bytes.fromhex("3de97d02f70f67612bcbfc2d32fa7da2")))

[faragher]

Thanks. My time today is done, but I'll check it out soon.

Also, I'm beginning to understand the utility of the aspects and HKDF. Being able to predict an identity's endpoints is very useful, and they're one way functions, so even if you knew what the app name and aspects were, you couldn't deconstruct a primary identity without brute forcing it (or compromising the crypto).

[markqvist]

Yep, that's the thing. And you can always create as many identities as you want, if you don't want to be able to cross-reference across different aspects.

[faragher]

Works perfectly. Thanks!

[markqvist]

Good to hear! It will be in the next release. Hope you can manage using the github version until then :)