The Security section is used for managing key entries and device certificates for KNX Secure.
The Security section is shown as below when the project is not yet opened in ETS:
The Security section is shown as below when the project is opened in ETS:
Background information
ETS projects with KNX Secure always require a project password. Without this, all the keys in use would be visible in the exported project (on the Security tab or in the XML structure).
- ETS projects with KNX Secure enabled always require the input of the project password when the project is imported, exported or opened.
- If a project that is currently not a KNX Secure project becomes a KNX Secure project for the first time, for example if a KNX Secure device is added to the project, a project password shall be given (if none has been given yet).
Device certificates
Devices which support KNX Secure require additional information for this. It is provided by the KNX manufacturers along with these devices.
- The contents of a device certificate include the serial number (6 characters) and the factory key (16 characters) of a KNX Secure device, yielding a 24 character string when they are put together.
- The assignment of a device certificate or of the factory key contained in it to a device in the project is ultimately transferred via the serial number.
- Once a certificate is added for a device, the device can still operate in plain, if decided like that by the ETS user, i.e. turning the 'Secure Commissioning' feature 'Off'
Example of a device certificate
Display
The following information is displayed in ETS.
| Name | Description |
| Device |
This field is initially blank after import of the certificate. When a device is used in a project and is initially downloaded, there is a comparison of the Serial Number read from the device with those from the device certificates. When there is a match, the Individual Address or the name of the device is then visible here. Note: This column is not shown when the project is not opened. |
| Serial Number | Unique Device Hardware ID |
| Factory Key (FDSK) | Initial key from the factory; different for every KNX Secure device. |
Functions
| Name | Description |
| Backup keyring |
This function allows the export of complete key datasets (keyring) from the associated project so that they can be archived additionally (outside the project).
Note: This column is disabled when the project is not opened. |
| Add device certificate |
Triggers the add certificate dialog so that a certificate can be added. It's possible to either scan the certificates (by means of QR-Code) or manually adding the code (either typing it or pasting it). Note: This column is disabled when the project is not opened. Entering '0' or '1' as a Base32 character is not possible (to prevent a mix-up with uppercase 'O' or 'I').
|
| Import Keyring |
This function allows the import of device certificates and serial numbers from a file in the keying format (.knxkeys) For more information about the keyring file format see here. Note: This column is disabled when the project is not opened. |
| Delete |
Deletes a selected certificate. Deletion is disabled if the corresponding device has been previously securely downloaded (initial Factory Key needs to be preserved for ETS, e.g. for reprogramming after device - reset) Note: This column is disabled when the project is not opened. |