The Security section is used for managing key entries and device certificates for KNX Secure.
Background information
ETS projects with KNX Secure always require a project password. Without this, all the keys in use would be visible in the exported project (on the Security tab or in the XML structure).
- ETS projects with KNX Secure enabled always require the input of the project password when the project is imported, exported or opened.
- If a project that is currently not a KNX Secure project becomes a KNX Secure project for the first time, for example if a KNX Secure device is added to the project, a project password shall be given (if none has been given yet).
Device certificates
Devices which support KNX Secure require additional information for this. It is provided by the KNX manufacturers along with these devices.
- The contents of a device certificate include the serial number (6 characters) and the factory key (16 characters) of a KNX Secure device, yielding a 24 character string when they are put together.
- The assignment of a device certificate or of the factory key contained in it to a device in the project is ultimately transferred via the serial number.
- Once a certificate is added for a device, the device can still operate in plain, if decided like that by the ETS user, i.e. turning the 'Secure Commissioning' feature 'Off'
Example of a device certificate
Display
The following information is displayed in ETS.
Name | Description |
Device | This field is initially blank after import of the certificate. When a device is used in a project and is initially downloaded, there is a comparison of the Serial Number read from the device with those from the device certificates. When there is a match, the Individual Address or the name of the device is then visible here. |
Serial Number | Unique Device Hardware ID |
Factory Key (FDSK) | Initial key from the factory; different for every KNX Secure device. |
Functions
Name | Description |
Backup keyring |
This function allows the export of complete key datasets (keyring) from the associated project so that they can be used in a visualization, for example, or to archive them additionally (outside the project).
|
Add device certificate |
Triggers the add certificate dialog so that a certificate can be added. It's possible to either scan the certificates (by means of QR-Code) or manually adding the code (either typing it or pasting it). Entering '0' or '1' as a Base32 character is not possible (to prevent a mix-up with uppercase 'O' or 'I').
|
Delete |
Deletes a selected certificate. Deletion is disabled if the corresponding device has been previously securely downloaded (initial Factory Key needs to be preserved for ETS, e.g. for reprogramming after device - reset) |