Below is the format of the keyring file.
The FDSK is encrypted, and its decryption is explained in the article here.
Once the FDSK is encrypted, sign the entire keyring file by following the procedure below.
Signature Generation:
The signature over the keyring file is generated and verified in a way similar to the hash/signature generation for KNX product data:
1. Into a .NET BinaryWriter (sAttributeStream), write in this order (omitting Keyring/@Signature), for each Element:
   a. char(0x01)
   b. Element Name (without any XML namespace)*
   c. for each Attribute, ordered by Attribute Name:
      - Attribute Name with leading length byte*
      - Attribute Value with leading length byte*
   d. recursively process possible child elements
   e. char(0x02)
2. Base64( PBKDF2( HMAC-SHA256, KeyringPassword, "1.keyring.ets.knx.org", 65536, 128))*
3. Signature = MSB128( SHA256( sAttributeStream))
Note: Element and attribute names, attribute values, and the base64 password hash are all written with a leading length byte. Empty attribute values are written as the length value 0x00.
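The three steps above as a Python sketch for recomputing the signature when checking a keyring's integrity. This is an added example, not code from ETS or the original article. Assumptions: strings are UTF-8, the "128" in step 2 is a 128-bit (16-byte) derived key, MSB128 is the first 16 bytes of the digest, attributes sort by code point, and the root element is the Keyring element; the sample XML is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SALT = b"1.keyring.ets.knx.org"  # salt string from step 2


def _lp(value: bytes) -> bytes:
    """Prefix value with its one-byte length (empty value -> 0x00)."""
    if len(value) > 255:
        raise ValueError("value does not fit a single length byte")
    return bytes([len(value)]) + value


def _local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1]


def _walk(elem: ET.Element, out: bytearray, is_root: bool) -> None:
    out.append(0x01)                                # a. start marker
    out += _lp(_local(elem.tag).encode("utf-8"))    # b. element name
    for name in sorted(elem.attrib, key=_local):    # c. attributes by name
        if is_root and name == "Signature":         # Keyring/@Signature omitted
            continue
        out += _lp(_local(name).encode("utf-8"))
        out += _lp(elem.attrib[name].encode("utf-8"))
    for child in elem:                              # d. children, document order
        _walk(child, out, False)
    out.append(0x02)                                # e. end marker


def attribute_stream(xml_text: str) -> bytes:
    """Step 1: the serialized element/attribute stream."""
    out = bytearray()
    _walk(ET.fromstring(xml_text), out, True)
    return bytes(out)


def keyring_signature(xml_text: str, password: str) -> bytes:
    """Steps 2 and 3: append the password hash, return the 16-byte signature."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 65536, dklen=16)
    stream = attribute_stream(xml_text) + _lp(base64.b64encode(pw_hash))
    return hashlib.sha256(stream).digest()[:16]     # MSB128


# Constructed sample, not a real keyring.
SAMPLE = ('<Keyring xmlns="urn:example:keyring" Project="Demo" Signature="AAAA">'
          '<Backbone Key="" Latency="1000"/></Keyring>')
```

The page does not state how the 16 bytes are encoded in Keyring/@Signature, so decode the stored attribute accordingly before comparing, and compare with `hmac.compare_digest`.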