I need the DSK of the Z/IP Gateway in order to include it into an existing Z-Wave network. How do I retrieve the DSK from the Z/IP Gateway?
Answer
The DSK can be found in the log of the Z/IP Gateway. However, notice you will find 2 different DSKs in the log:
Dynamic ECDH Public key
Static ECDH Public Key
The Dynamic key is used when including a new node into the Z/IP Gateway network. The dynamic key will change after each inclusion.
The Static key is the DSK of the Z/IP Gateway, and this is the key you need to include the Z/IP Gateway into another network with. This is typically needed during certification of a new Z-Wave Controller.
Run the command below on the target, to examine the logfile in runtime.
$ sudo tail -f /tmp/zipgateway.log
Then instruct the Z/IP Gateway to enter learn mode. The Static ECDH Public Key is printed in the log.
If developing a Z/IP Client or Z-Ware client, you can also read out the DSK and print the information on the GUI for the user. In the example below, we are using the Z-Ware Web Sample Application to set the Z/IP Gateway into learn mode, and print the DSK in the GUI.
When the DSK is known, it can be entered into the including controller; In this example we are using the PC Controller.
When the DSK in entered, the include process starts and the Z/IP Gateway is included after a short while.
I need to know which security keys the Z/IP Gateway are using in my Z-Wave Network. With these keys I can decrypt a Zniffer trace. Where are they found?
Answer
The Security Keys are found in the log of the Z/IP Gateway.
Run the command below on the target, to examine the logfile in runtime.
$ sudo tail -f /tmp/zipgateway.log
Then start the gateway service, as the keys are displayed in the beginning of the log file:
$ sudo /etc/init.d/zipgateway start
If the gateway is already running, you can just browse to the logfile and open the existing file:
$ nano /tmp/zipgateway.log
An example of a logfile is shown here:
The network keys are then listed as:
S0 Network Key
Key class 80: 0D672EB3138CDDF454C8899D1F5703FA
S2-Unauthentucated Network Key
Key class 1: E9372D386CF95E4E044DAE494C07932A
S2-Authenticated Network Key
Key class 2: 79C5EEDFCB3CDD521AC261F129B91540
S2-AccessControl Network Key
Key class 4: 9B05A8F28E3A77DCF8F2E46EB62BCF51
These keys can then be copied into the Zniffer to decrypt the trace.
Finally, it is required that the Zniffer knows the S2 singlecast nonce, which are shared during inclusion. If the trace does not include the frames from the inclusion, it is necessary to force a resynchronization between the nodes.
Z-Wave Knowledge Base
Gateway: How do I retrieve the DSK?
Question
I need the DSK of the Z/IP Gateway in order to include it into an existing Z-Wave network. How do I retrieve the DSK from the Z/IP Gateway?
Answer
The DSK can be found in the log of the Z/IP Gateway. However, notice you will find 2 different DSKs in the log:
The Dynamic key is used when including a new node into the Z/IP Gateway network. The dynamic key will change after each inclusion.
The Static key is the DSK of the Z/IP Gateway, and this is the key you need to include the Z/IP Gateway into another network with. This is typically needed during certification of a new Z-Wave Controller.
Run the command below on the target, to examine the logfile in runtime.
Then instruct the Z/IP Gateway to enter learn mode. The Static ECDH Public Key is printed in the log.
If developing a Z/IP Client or Z-Ware client, you can also read out the DSK and print the information on the GUI for the user. In the example below, we are using the Z-Ware Web Sample Application to set the Z/IP Gateway into learn mode, and print the DSK in the GUI.
When the DSK is known, it can be entered into the including controller; In this example we are using the PC Controller.
When the DSK in entered, the include process starts and the Z/IP Gateway is included after a short while.
Related KBs
Secure S2 DSK
Gateway: Where to find the Security Keys?
Gateway: Where to find the Security Keys?
Question
I need to know which security keys the Z/IP Gateway are using in my Z-Wave Network. With these keys I can decrypt a Zniffer trace. Where are they found?
Answer
The Security Keys are found in the log of the Z/IP Gateway.
Run the command below on the target, to examine the logfile in runtime.
Then start the gateway service, as the keys are displayed in the beginning of the log file:
If the gateway is already running, you can just browse to the logfile and open the existing file:
An example of a logfile is shown here:
The network keys are then listed as:
These keys can then be copied into the Zniffer to decrypt the trace.
Finally, it is required that the Zniffer knows the S2 singlecast nonce, which are shared during inclusion. If the trace does not include the frames from the inclusion, it is necessary to force a resynchronization between the nodes.
Related KBs
Decrypt S2 frames in Zniffer trace