-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[knx] support for KNX secure #8872
Comments
I have already been playing around with this and willing to implement. If anyone is already working on this topic or wants to give some advice, it would be appreciated. |
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install) (to be replaced once a release is available) * add config options for keyring file(s) and password(s) * add tests for security functions Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install) (to be replaced once a release is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder, SAL required modification of Calimero lib Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
If there is no immediate need (i.e. bugs or security issues), we usually don't use snapshots of dependencies. Do you happen to know when Calimero 2.5 will be released? And thanks for the offer to implement that. |
@J-N-K thanks for letting me know. My PR is still WIP and far from finished. Decrypting secure PDUs using the exported keyring from ETS works fine with the Calimero snapshot. |
If you need help regarding the openHAB side, please ping me. |
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install) (to be replaced once a release is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder, SAL required modification of Calimero lib Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install) (to be replaced once a release is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder, SAL required modification of Calimero lib Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-SNAPSHOT (needs to be installed locally, mvn install) (to be replaced once a release is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder, SAL required modification of Calimero lib Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
Looks like Calimero got a milestone release ready. Following a release candidate some what soon. (Ref) |
This issue has been mentioned on openHAB Community. There might be relevant details there: https://community.openhab.org/t/enable-knx-binding-to-use-knx-ip-secure/13785/4 |
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder * build for OH 302 and 31x Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder * build for OH 302 and 31x Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add config options for keyring file(s) and password(s) * add initial support for reading secure traffic * add tests for security functions Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add config options for keyring file(s) and password(s) * add initial support for reading secure traffic * add tests for security functions Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* use Calimero library in latest version 2.5-M1 (to be replaced once release 2.5 is available) * add config options for keyring file(s) and password(s) * add tests for security functions * TODO replace ProcessCommunicationResponder * build for OH 302 and 31x Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add support for KNX IP Secure, new options SECURETUNNEL and SECUREROUTER * add config options for keyring file and password, and credentials for secure connections * add passive (listening only) access for KNX data secure frames * add tests for security functions * add useCEMI option for newer serial devices like KNX RF sticks, kBerry, etc. * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
I have put together a version which actually supports IP secure, i.e. secure tunneling (tested) and secure routing (untested). I could need help testing this, especially the secure routing feature as I do not have a secure router at hand. WDYT? |
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* [knx] Add support for KNX IP Secure * add support for KNX IP Secure, new options SECURETUNNEL and SECUREROUTER, refers to openhab#8872 * add config options for credentials for secure connections * update user documentation * add test cases Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* [knx] Add support for KNX IP Secure * add support for KNX IP Secure, new options SECURETUNNEL and SECUREROUTER, refers to openhab#8872 * add config options for credentials for secure connections * update user documentation * add test cases Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
This issue has been mentioned on openHAB Community. There might be relevant details there: |
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
* add passive (listening only) access for KNX Data Secure frames, openhab#8872 * add config options for KNX keyring file and password * ease setup if IP Secure, as required parameters can be read from keyring * add tests for security functions * update user documentation Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
@holgerfriedrich Do you think you can implement data secure write and triggered read for openHAB 5? |
Hopefully. I do not know what is going on. I had the feeling that it once worked at least partially - a long time ago. Could not make it work on my current setup. I will need more time to dig into this. Specs are still not publicly available. Maybe I need to create a minimal example just with Calimero. Could need some help :-) |
Thanks for the update — does Calimero itself support data secure write and triggered read? Wrt to help: Unfortunately I have no data secure setup available for testing, but I could help with reviewing code. |
Reading and writing authenticated KNX packets should be possible.
Using an encrypted connection to a IP secure interface or an IP secure router shall be possible.
Calimero library seems to have all the necessary prerequisites at hand in latest version (2.5M1).
The process includes exporting an encrypted keyring from ETS software, decrypt it using the Calimero library functions in the OH knx binding, and use the corresponding group address keys from the keyring file.
Prerequesites
Suggested Approach
The text was updated successfully, but these errors were encountered: