diff --git a/app/src/main/java/com/geeksville/mesh/database/entity/NodeEntity.kt b/app/src/main/java/com/geeksville/mesh/database/entity/NodeEntity.kt
index 04f977ba4..c80cea7a4 100644
--- a/app/src/main/java/com/geeksville/mesh/database/entity/NodeEntity.kt
+++ b/app/src/main/java/com/geeksville/mesh/database/entity/NodeEntity.kt
@@ -14,6 +14,7 @@ import com.geeksville.mesh.Position
 import com.geeksville.mesh.TelemetryProtos
 import com.geeksville.mesh.copy
 import com.geeksville.mesh.util.latLongToMeter
+import com.google.protobuf.ByteString
 
 @Suppress("MagicNumber")
 @Entity(tableName = "nodes")
@@ -80,6 +81,8 @@ data class NodeEntity(
         }
 
     val hasPKC get() = !user.publicKey.isEmpty
+    val errorByteString: ByteString get() = ByteString.copyFrom(ByteArray(32) { 0 })
+    val mismatchKey get() = user.publicKey == errorByteString
 
     val batteryLevel get() = deviceMetrics.batteryLevel
     val voltage get() = deviceMetrics.voltage
diff --git a/app/src/main/java/com/geeksville/mesh/service/MeshService.kt b/app/src/main/java/com/geeksville/mesh/service/MeshService.kt
index af48162bc..1d274ea05 100644
--- a/app/src/main/java/com/geeksville/mesh/service/MeshService.kt
+++ b/app/src/main/java/com/geeksville/mesh/service/MeshService.kt
@@ -785,7 +785,11 @@ class MeshService : Service(), Logging {
     /// Update our DB of users based on someone sending out a User subpacket
     private fun handleReceivedUser(fromNum: Int, p: MeshProtos.User, channel: Int = 0) {
         updateNodeInfo(fromNum) {
-            it.user = p
+            val keyMatch = !it.hasPKC || it.user.publicKey == p.publicKey
+            it.user = if (keyMatch) p else p.copy {
+                warn("Public key mismatch from $longName ($shortName)")
+                publicKey = it.errorByteString
+            }
             it.longName = p.longName
             it.shortName = p.shortName
             it.channel = channel
diff --git a/app/src/main/java/com/geeksville/mesh/ui/NodeItem.kt b/app/src/main/java/com/geeksville/mesh/ui/NodeItem.kt
index 7d50aa218..ea7234fb6 100644
--- a/app/src/main/java/com/geeksville/mesh/ui/NodeItem.kt
+++ b/app/src/main/java/com/geeksville/mesh/ui/NodeItem.kt
@@ -21,6 +21,7 @@ import androidx.compose.foundation.layout.defaultMinSize
 import androidx.compose.foundation.layout.fillMaxWidth
 import androidx.compose.foundation.layout.height
 import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.layout.size
 import androidx.compose.foundation.layout.width
 import androidx.compose.foundation.text.selection.DisableSelection
 import androidx.compose.foundation.text.selection.SelectionContainer
@@ -37,6 +38,7 @@ import androidx.compose.runtime.Composable
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
+import androidx.compose.runtime.setValue
 import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.graphics.Color
@@ -54,6 +56,8 @@ import com.geeksville.mesh.ConfigProtos.Config.DisplayConfig
 import com.geeksville.mesh.MeshProtos
 import com.geeksville.mesh.R
 import com.geeksville.mesh.database.entity.NodeEntity
+import com.geeksville.mesh.ui.components.NodeKeyStatusIcon
+import com.geeksville.mesh.ui.components.SimpleAlertDialog
 import com.geeksville.mesh.ui.compose.ElevationInfo
 import com.geeksville.mesh.ui.compose.SatelliteCountInfo
 import com.geeksville.mesh.ui.preview.NodeEntityPreviewParameterProvider
@@ -119,6 +123,16 @@ fun NodeItem(
 
     val (detailsShown, showDetails) = remember { mutableStateOf(expanded) }
 
+    var showEncryptionDialog by remember { mutableStateOf(false) }
+    if (showEncryptionDialog) {
+        val (title, text) = when {
+            thatNode.mismatchKey -> R.string.encryption_error to R.string.encryption_error_text
+            thatNode.hasPKC -> R.string.encryption_pkc to R.string.encryption_pkc_text
+            else -> R.string.encryption_psk to R.string.encryption_psk_text
+        }
+        SimpleAlertDialog(title, text) { showEncryptionDialog = false }
+    }
+
     Card(
         modifier = Modifier
             .fillMaxWidth()
@@ -142,7 +156,6 @@ fun NodeItem(
                         Chip(
                             modifier = Modifier
                                 .width(IntrinsicSize.Min)
-                                .padding(end = 8.dp)
                                 .defaultMinSize(minHeight = 32.dp, minWidth = 72.dp),
                             colors = ChipDefaults.chipColors(
                                 backgroundColor = Color(nodeColor),
@@ -160,9 +173,14 @@ fun NodeItem(
                                 )
                             },
                         )
+                        NodeKeyStatusIcon(
+                            hasPKC = thatNode.hasPKC,
+                            mismatchKey = thatNode.mismatchKey,
+                            modifier = Modifier.size(32.dp)
+                        ) { showEncryptionDialog = true }
                         Text(
                             modifier = Modifier.weight(1f),
-                            text = if (thatNode.hasPKC) "🔒 $longName" else longName,
+                            text = longName,
                             style = style,
                             textDecoration = TextDecoration.LineThrough.takeIf { isIgnored },
                             softWrap = true,
diff --git a/app/src/main/java/com/geeksville/mesh/ui/components/NodeKeyStatusIcon.kt b/app/src/main/java/com/geeksville/mesh/ui/components/NodeKeyStatusIcon.kt
new file mode 100644
index 000000000..279200fb1
--- /dev/null
+++ b/app/src/main/java/com/geeksville/mesh/ui/components/NodeKeyStatusIcon.kt
@@ -0,0 +1,42 @@
+package com.geeksville.mesh.ui.components
+
+import androidx.compose.material.Icon
+import androidx.compose.material.IconButton
+import androidx.compose.material.icons.Icons
+import androidx.compose.material.icons.filled.KeyOff
+import androidx.compose.material.icons.filled.Lock
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.graphics.Color
+import androidx.compose.ui.graphics.vector.rememberVectorPainter
+import androidx.compose.ui.res.painterResource
+import androidx.compose.ui.res.stringResource
+import com.geeksville.mesh.R
+
+@Composable
+fun NodeKeyStatusIcon(
+    hasPKC: Boolean,
+    mismatchKey: Boolean,
+    modifier: Modifier = Modifier,
+    onClick: () -> Unit = {},
+) = IconButton(
+    onClick = onClick,
+    modifier = modifier,
+) {
+    val (icon, tint) = when {
+        mismatchKey -> rememberVectorPainter(Icons.Default.KeyOff) to Color.Red
+        hasPKC -> rememberVectorPainter(Icons.Default.Lock) to Color.Green
+        else -> painterResource(R.drawable.ic_lock_open_right_24) to Color.Yellow
+    }
+    Icon(
+        painter = icon,
+        contentDescription = stringResource(
+            id = when {
+                mismatchKey -> R.string.encryption_error
+                hasPKC -> R.string.encryption_pkc
+                else -> R.string.encryption_psk
+            }
+        ),
+        tint = tint,
+    )
+}
diff --git a/app/src/main/java/com/geeksville/mesh/ui/preview/NodeEntityPreviewParameterProvider.kt b/app/src/main/java/com/geeksville/mesh/ui/preview/NodeEntityPreviewParameterProvider.kt
index 155ddc3ce..58a5e6da1 100644
--- a/app/src/main/java/com/geeksville/mesh/ui/preview/NodeEntityPreviewParameterProvider.kt
+++ b/app/src/main/java/com/geeksville/mesh/ui/preview/NodeEntityPreviewParameterProvider.kt
@@ -10,6 +10,7 @@ import com.geeksville.mesh.paxcount
 import com.geeksville.mesh.position
 import com.geeksville.mesh.telemetry
 import com.geeksville.mesh.user
+import com.google.protobuf.ByteString
 import kotlin.random.Random
 
 class NodeEntityPreviewParameterProvider : PreviewParameterProvider<NodeEntity> {
@@ -94,6 +95,7 @@ class NodeEntityPreviewParameterProvider : PreviewParameterProvider<NodeEntity>
             longName = "Donald Duck, the Grand Duck of the Ducks"
             shortName = "DoDu"
             hwModel = MeshProtos.HardwareModel.HELTEC_V3
+            publicKey = ByteString.copyFrom(ByteArray(32) { 1 })
         },
         longName = "Donald Duck, the Grand Duck of the Ducks",
         shortName = "DoDu",
diff --git a/app/src/main/res/drawable/ic_lock_open_right_24.xml b/app/src/main/res/drawable/ic_lock_open_right_24.xml
new file mode 100644
index 000000000..243cd83d6
--- /dev/null
+++ b/app/src/main/res/drawable/ic_lock_open_right_24.xml
@@ -0,0 +1,9 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="960"
+    android:viewportHeight="960">
+    <path
+        android:fillColor="@android:color/white"
+        android:pathData="M240,800h480v-400L240,400v400ZM480,680q33,0 56.5,-23.5T560,600q0,-33 -23.5,-56.5T480,520q-33,0 -56.5,23.5T400,600q0,33 23.5,56.5T480,680ZM240,800v-400,400ZM240,880q-33,0 -56.5,-23.5T160,800v-400q0,-33 23.5,-56.5T240,320h280v-80q0,-83 58.5,-141.5T720,40q83,0 141.5,58.5T920,240h-80q0,-50 -35,-85t-85,-35q-50,0 -85,35t-35,85v80h120q33,0 56.5,23.5T800,400v400q0,33 -23.5,56.5T720,880L240,880Z" />
+</vector>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index bf561f7a8..bbd4f8320 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -232,4 +232,10 @@
     <string name="ch_util_definition">Utilization for the current channel, including well formed TX, RX and malformed RX (aka noise).</string>
     <string name="air_util_definition">Percent of airtime for transmission used within the last hour.</string>
     <string name="iaq">IAQ</string>
+    <string name="encryption_psk">Shared Key</string>
+    <string name="encryption_psk_text">Direct messages are using the shared key for the channel.</string>
+    <string name="encryption_pkc">Public Key Encryption</string>
+    <string name="encryption_pkc_text">Direct messages are using the new public key infrastructure for encryption. Requires firmware version 2.5 or greater.</string>
+    <string name="encryption_error">Public key mismatch</string>
+    <string name="encryption_error_text">The public key does not match the recorded key. You may remove the node and let it exchange keys again, but this may indicate a more serious security problem. Contact the user through another trusted channel, to determine if the key change was due to a factory reset or other intentional action.</string>
 </resources>