Device / HostSecurity / Key Value
Defines a key for every security level. This key must be used when working encrypted.
Level 0 never uses keys, since it always works unencrypted.
Properties
- Value ID: 0x0288/0x81 - 0x84
- Default value: RequireSessionKey|RequireEncrypted|RequireContinuousIv \0 \0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Format
| Name | Type/Size | Description |
|---|---|---|
| AuthenticationMode | Bit mask (8 bits) | Specifies the minimum security requirements when working in this security level. |
| RequireContinuousIv | Boolean (bit 0x80) | The initialization vector of the CBC encryption is not reset between commands. This prevents replay attacks during a single session but makes the connection more sensitive to communication errors. |
| RequireEncrypted | Boolean (bit 0x40) | Commands are transferred encrypted. No man in the middle can read the data. |
| RequireMac | Boolean (bit 0x20) | A cryptographic signature is attached to every command. No man in the middle can inject its own commands. |
| RequireSessionKey | Boolean (bit 0x10) | 3-pass authentication and session key generation. |
| RFU | Integer (bit mask area 0x0F) | Zero padding |
| DeriveKeyId | Integer (8 bits) | If this value is not 0, the following key is not used directly but is encrypted by the key currently stored at security level DeriveKeyId. |
| AesKey | ASCII string (until end of frame) | A 16-byte AES key |
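
The following is an added example, not part of the original documentation or the vendor's code: a parser for the format above that also lists settings a configuration review would flag. It assumes the fields are serialized in table order with AuthenticationMode and DeriveKeyId as one byte each, and that the `\0` in the default value is DeriveKeyId 0; `parse_key_value`, `audit` and `KeyValue` are hypothetical names.

```python
from dataclasses import dataclass

# Bit values of AuthenticationMode, taken from the format table above.
FLAGS = {
    "RequireContinuousIv": 0x80,
    "RequireEncrypted": 0x40,
    "RequireMac": 0x20,
    "RequireSessionKey": 0x10,
}
RFU_MASK = 0x0F
FACTORY_KEY = b"\xff" * 16  # AesKey part of the documented default value


@dataclass
class KeyValue:
    flags: set
    rfu: int
    derive_key_id: int
    aes_key: bytes


def parse_key_value(raw: bytes) -> KeyValue:
    """Split a raw Key value into AuthenticationMode, DeriveKeyId and AesKey."""
    if len(raw) < 2:
        raise ValueError("value too short: need AuthenticationMode and DeriveKeyId")
    mode = raw[0]
    flags = {name for name, bit in FLAGS.items() if mode & bit}
    # Assumption: one byte per header field; the key runs until the end of the frame.
    return KeyValue(flags, mode & RFU_MASK, raw[1], raw[2:])


def audit(kv: KeyValue) -> list:
    """Return review findings for one security level (hypothetical helper)."""
    findings = []
    if len(kv.aes_key) != 16:
        findings.append(f"AesKey is {len(kv.aes_key)} bytes, expected 16")
    elif kv.derive_key_id == 0 and kv.aes_key == FACTORY_KEY:
        # Only meaningful when the key is stored directly (DeriveKeyId is 0).
        findings.append("AesKey is the documented default (16 x 0xFF)")
    if kv.rfu:
        findings.append(f"RFU bits are not zero: 0x{kv.rfu:02X}")
    for name in ("RequireEncrypted", "RequireMac", "RequireSessionKey", "RequireContinuousIv"):
        if name not in kv.flags:
            findings.append(f"{name} is not set")
    return findings


# Constructed sample: the default value listed under Properties (0x10|0x40|0x80 = 0xD0).
DEFAULT_VALUE = bytes([0xD0, 0x00]) + FACTORY_KEY
```

Running `audit(parse_key_value(DEFAULT_VALUE))` reports the default key and the missing RequireMac bit, the two points to change before a level with the default value is relied on.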