General information
There are three different encryption modes in DLMS meters: Security Suite 0, which uses GMAC for encryption; Security Suite 1, which uses NIST P-256 for encryption; and Security Suite 2, which uses NIST P-384 for encryption.
The Security Setup object of the meter tells you which encryption mode your meter is using. Just read the Security Setup object and check the Suite parameter. You don't need a public/private key pair if your meter is using GMAC.
If your meter is using NIST P-256 or NIST P-384, you need to generate a private key for the client, then generate a certificate request and ask for a new x509 certificate.
The client's x509 certificate is then transported to the meter. You can see the list of the meter's certificates when you read the Security Setup object.
DLMS meters use two different kinds of certificates:
- Digital Signature
- Key Agreement
Digital Signature key pair
The Digital Signature key is used when ECDSA authentication is used, or to sign the data with the Ephemeral Unified Model or One-pass Diffie-Hellman scheme.
Digital authentication key
The Digital authentication key is used to encrypt the data when the One-pass Diffie-Hellman or Static Unified Model scheme is used.
Private keys
Generate
Using Generate you can generate a new private key. The private key is saved in PKCS #8 format.
If you have an OpenSSL-generated private key and you want to convert it to the PKCS #8 format, you can just add your private key to the Prove key text box and press the "Convert" button.
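An added example (not Gurux code): a standard-library Python check that reports whether a PEM private key is already in PKCS #8 format or is an OpenSSL SEC1 "EC PRIVATE KEY" that still needs converting, and which security suite its curve matches. The function names and the dummy keys built by sample_pem are constructed for illustration.

```python
import base64, re

EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID id-ecPublicKey
# Curve OID (DER content bytes) -> (curve name, DLMS security suite)
CURVES = {bytes.fromhex("2a8648ce3d030107"): ("NIST P-256", 1),
          bytes.fromhex("2b81040022"): ("NIST P-384", 2)}

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split a constructed element's content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def inspect_key(pem):
    """Report container format, curve and matching security suite of a PEM key."""
    m = re.search(r"-----BEGIN ((?:EC )?PRIVATE KEY)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no unencrypted private key PEM block")
    items = children(tlv(base64.b64decode(m.group(2)))[1])
    if m.group(1) == "PRIVATE KEY":        # PKCS #8 PrivateKeyInfo
        alg = children(items[1][1])        # AlgorithmIdentifier: algorithm, curve
        if alg[0][1] != EC_PUBLIC_KEY:
            raise ValueError("not an EC key")
        fmt, oid = "PKCS #8", alg[1][1]
    else:                                  # SEC1 ECPrivateKey; curve is in the [0] field
        fmt, oid = "SEC1", next((tlv(v)[1] for t, v in items if t == 0xA0), None)
    if oid not in CURVES:
        raise ValueError("curve missing or not P-256/P-384")
    curve, suite = CURVES[oid]
    return {"format": fmt, "curve": curve, "suite": suite, "convert": fmt != "PKCS #8"}

def sample_pem(label, curve_oid, size):
    """Constructed sample input: dummy all-0x01 scalar, not a usable key."""
    d = lambda tag, body: bytes([tag, len(body)]) + body
    key = d(0x30, d(2, b"\x01") + d(4, b"\x01" * size) + d(0xA0, d(6, curve_oid)))
    if label == "PRIVATE KEY":             # wrap the SEC1 structure in PKCS #8
        key = d(0x30, d(2, b"\x00") + d(0x30, d(6, EC_PUBLIC_KEY) + d(6, curve_oid)) + d(4, key))
    return f"-----BEGIN {label}-----\n{base64.b64encode(key).decode()}\n-----END {label}-----\n"
```

A result with "convert" set to True means the key is in the OpenSSL format and still has to go through the conversion described above.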
Add
Using Add you can add your existing private key to GXDLMSDirector.
Rename
Change your private key file name.
Get certificate
When you have a private key, you need to generate the Certificate Signing Request (CSR) in PKCS #10 format and send it to a CA to generate a certificate.
Gurux will use its own service to generate the certificate. Note that there is a limit on how many certificates you can generate per day.
Info
Private key information.
Remove
Remove your private key from GXDLMSDirector.
Public keys
A common error is to generate a new public/private key pair for the meter and then generate a new certificate. Then there are two certificates for the meter available on the client side. For this reason the background of the row is yellow if there are multiple public keys for the same system title with the same key usage. The background is red if the certificate is invalid and loading failed.
Generate
Using Generate you can generate a new x509 certificate from PKCS #10. If you don't have an x509 PKCS #10, you can import your private key and ask the Gurux Certification server to generate a new certificate.
If you have an OpenSSL-generated private key and you want to convert it to the PKCS #8 format, you can just add your private key to the Prove key text box and press the "Convert" button.
Give the system title and then press the "Get" button. Now select the private key and press "Open". The generated PKCS #10 is shown in the text box.
When you press the "Save" button, GXDLMSDirector asks for a new certificate from the Gurux Certificate generator, and the new certificate is saved for later use.
Add
Using Add you can add your existing certificate to GXDLMSDirector. The certificate format must be x509.
Rename
Change your certificate key file name.
Info
Certificate information.
Copy System Title
Copy system title to the clipboard.