To use the elements contained in an ETS project keyring file outside ETS and outside the Falcon SDK, apply the following decryption algorithm (pseudocode) for the element in question:
IP Backbone
- BackboneKey = AES128-CBC( A1, A2, A3, A4 )
  - A3 = Project.BackboneKey
Tunneling Interfaces
- Password = AES128-CBC( A1, A2, A3, A4 )
  - A3 = RandomBytes( A31 ) + PKCS#7( Device.BusAccess( IA ).Password, A32 )
- Authentication = AES128-CBC( A1, A2, A3, A4 )
  - A3 = RandomBytes( A31 ) + PKCS#7( Device.AuthenticationCode, A32 )
IP Devices
- ManagementPassword = AES128-CBC( A1, A2, A3, A4 )
  - A3 = RandomBytes( A31 ) + PKCS#7( Device.ManagementPassword, A32 )
- Authentication = AES128-CBC( A1, A2, A3, A4 )
  - A3 = RandomBytes( A31 ) + PKCS#7( Device.AuthenticationCode, A32 )
Devices
- ToolKey = AES128-CBC( A1, A2, A3, A4 )
  - A3 = Device.ToolKey
Group Addresses
- Key = AES128-CBC( A1, A2, A3, A4 )
  - A3 = GroupAddress.Key
Details
- A1 = PBKDF2( A11, A12, A13, A14, A15 )
  - A11 = HMAC-SHA256 // 'PRF'
  - A12 = keyring password
  - A13 = "1.keyring.ets.knx.org" // 'salt'
  - A14 = 65536 // number of iterations
  - A15 = 128 // bit-length of the derived key
- A2 = SHA256( A21, A22 )
  - A21 = keyring 'creation' attribute (from the file)
  - A22 = 128 // most significant bits
- A3 = encrypted data
  - A31 = 8 // number of random bytes
  - A32 = 24 // number of padding bytes
- A4 = SHA256
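
The steps listed above, carried through in Ruby with the standard `openssl` library (an added example, not code from ETS or the Falcon SDK). It treats A1 as the AES key and A2 as the IV, and reads A31/A32 as 8 leading random bytes followed by the secret PKCS#7-padded to 24 bytes. Assumptions: the keyring password and the 'creation' attribute are processed as UTF-8 text, encrypted values are passed in as raw bytes, and the function names and sample values are made up for this example.

```ruby
require 'openssl'

SALT = '1.keyring.ets.knx.org' # A13
ITERATIONS = 65_536            # A14

# A1: PBKDF2 with HMAC-SHA256, 128-bit result. Assumption: password is UTF-8.
def derive_key(password)
  OpenSSL::PKCS5.pbkdf2_hmac(password, SALT, ITERATIONS, 16, OpenSSL::Digest.new('SHA256'))
end

# A2: the 128 most significant bits of SHA256 over the 'creation' attribute.
def derive_iv(created)
  OpenSSL::Digest.digest('SHA256', created).byteslice(0, 16)
end

# AES128-CBC over whole blocks, cipher-level padding off. mode: :encrypt or :decrypt
def aes_cbc(mode, key, iv, data)
  raise ArgumentError, 'need a whole number of AES blocks' if data.empty? || data.bytesize % 16 != 0
  cipher = OpenSSL::Cipher.new('aes-128-cbc')
  cipher.public_send(mode)
  cipher.key = key
  cipher.iv = iv
  cipher.padding = 0
  cipher.update(data) + cipher.final
end

# Key-type elements (BackboneKey, ToolKey, group address Key): plaintext is the key.
def decrypt_key(password, created, encrypted)
  aes_cbc(:decrypt, derive_key(password), derive_iv(created), encrypted)
end

# Password-type elements: drop the A31 random bytes, then strip the PKCS#7 padding.
def decrypt_password(password, created, encrypted)
  body = decrypt_key(password, created, encrypted).byteslice(8..)
  pad = body.bytes.last.to_i
  unless pad.between?(1, body.bytesize) && body.bytes.last(pad).all?(pad)
    raise ArgumentError, 'bad PKCS#7 padding (wrong keyring password or damaged data)'
  end
  body.byteslice(0, body.bytesize - pad).force_encoding('UTF-8')
end

# Constructed sample, not taken from a real keyring: wrap and encrypt, then recover.
def sample_roundtrip(secret = 'Sample-Pw-1', password = 'keyring-pw', created = '2024-01-01T00:00:00Z')
  padded = secret.b + ((24 - secret.bytesize).chr * (24 - secret.bytesize))
  blob = aes_cbc(:encrypt, derive_key(password), derive_iv(created), OpenSSL::Random.random_bytes(8) + padded)
  decrypt_password(password, created, blob)
end

puts sample_roundtrip if __FILE__ == $PROGRAM_NAME
```

A failed padding check is the only signal of a wrong keyring password in this sketch; key-type elements decrypt to 16 bytes with no built-in integrity check.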