Skip to main content

Search

Project details

      Security

      Vassilios Lourdas
      • Updated

      The Security section is used for managing key entries and device certificates for KNX Secure.

      Project_Security.png

      Background information

      ETS projects with KNX Secure always require a project password. Without this, all the keys in use would be visible in the exported project (on the Security tab or in the XML structure).

      • ETS projects with KNX Secure enabled always require the input of the project password when the project is imported, exported or opened.
      • If a project that is currently not a KNX Secure project becomes a KNX Secure project for the first time, for example if a KNX Secure device is added to the project, a project password shall be given (if none has been given yet).

      Device certificates

      Devices which support KNX Secure require additional information for this. It is provided by the KNX manufacturers along with these devices.

      • The contents of a device certificate include the serial number (6 characters) and the factory key (16 characters) of a KNX Secure device, yielding a 24 character string when they are put together.
      • The assignment of a device certificate or of the factory key contained in it to a device in the project is ultimately transferred via the serial number.

      Example of a device certificate

      Project_Security_Device_Certificate_Example.png

      Display

      The following information is displayed in ETS.

      Name Description
      Device This field is initially blank after import of the certificate. When a device is used in a project and is initially downloaded, there is a comparison of the Serial Number read from the device with those from the device certificates. When there is a match, the Individual Address or the name of the device is then visible here.
      Serial Number Unique Device Hardware ID
      Factory Key (FDSK) Initial key from the factory; different for every KNX Secure device.

       

      Functions

      Name Description
      Backup keyring

      This function allows the export of complete key datasets (keyring) from the associated project so that they can be used in a visualization, for example, or to archive them additionally (outside the project).

      • A password for securing the security relevant data in the export file is required for this, and it is requested before the export (it will not encrypt the file itself, but the security relevant data in this file with the password).
      • The same password guidelines apply as for the project password.
      Add device certificate

      Triggers the add certificate dialog so that a certificate can be added. It's possible to either scan the certificates (by means of QR-Code) or manually adding the code (either typing it or pasting it).

      Entering '0' or '1' as a Base32 character is not possible (to prevent a mix-up with uppercase 'O' or 'I').

      All legal characters pasted into the device certificate field will be displayed upper case. Pasting a string containing illegal characters might result in a device certificate field not fully filled. When the pasted string (after filtering) is longer then 36 character, only the first 36 characters will be pasted into the device certificate field and the following characters will be ignored
      Delete

      Deletes a selected certificate.

      Deletion is disabled if the corresponding device has been previously securely downloaded (initial Factory Key needs to be preserved for ETS, e.g. for reprogramming after device - reset)

       

      Related articles

      Didn't find what you were looking for?
      Submit a request Community