Device / HostSecurity / Key Value
Defines a key for every security level. This key has to be used when working encrypted.
These values can be set directly since firmware version 1100 v2.20.00. ConfigEditor applies a special mapping mechanism for these values that allows also previous firmware versions to store the access conditions in the configuration memory.
Level 0 will never use keys, since it always works unencrypted.
Properties
- Value ID: 0x0288/0x81 - 0x84
Format
| Name | Type/Size | Description | |
|---|---|---|---|
| AuthenticationMode | Bit mask (8 bits) | Specifies a minimum of security requirements, when working in this security level | |
| RequireContinuousIv | Boolean (bit 0x80) | Initialvector of CBC encryption is not reset between commands. This prevents replay attacks during a single session but makes the connection more sensible to communication errors. | |
| RequireEncrypted | Boolean (bit 0x40) | Commands are transferred encrypted. No man in the middle can read the data | |
| RequireMac | Boolean (bit 0x20) | A Cryptographic Signature is attached to every command. No man in the middle can inject its own commands | |
| RequireSessionKey | Boolean (bit 0x10) | 3-pass authentication and sessionkey generation | |
| RFU | Integer (bit mask area 0x0F) | Zero padding | |
| DeriveKeyId | Integer (8 bits) |
This value is not used and must be 0. Until firmware v2.14.00, this value referenced the key of the security level, which was used to derive the key in AesKey. Since firmware v2.20.00, this feature is no longer supported. |
|
| AesKey | Raw data (until end of frame) | A 16 Byte AES Key | |