Before commenting read Forum rules
Don't comment the topic if you have a new question.
You can create a new topic selecting correct category from Gurux Forum and then create a new topic selecting "New Topic" from the top left.
Forums
Hii,
I am testing suite1 with digital signing but authentication get failed.
while observing AARQ frame sent by the gurux i found that the frame does not have digital signing tag,signature.
Also i think you missed invocation counter request in log.
following is the log for invocation counter:
12:50:22 Send SNRM request.
TX: 7E A0 23 00 02 BA 69 21 93 9C 9B 81 80 14 05 02 01 F5 06 02 01 F2 07 04 00 00 00 01 08 04 00 00 00 01 2C 01 7E
12:50:23
RX: 7E A0 23 21 00 02 BA 69 73 D8 87 81 80 14 05 02 01 F2 06 02 01 F5 07 04 00 00 00 01 08 04 00 00 00 01 42 69 7E
12:50:23 Send AARQ request.
TX: 7E A0 2E 00 02 BA 69 21 10 40 03 E6 E6 00 60 1D A1 09 06 07 60 85 74 05 08 01 01 BE 10 04 0E 01 00 00 00 06 5F 1F 04 00 20 1C 1D FF FF 22 BD 7E
12:50:23
RX: 7E A0 46 21 00 02 BA 69 30 61 A3 E6 E7 00 61 35 A1 09 06 07 60 85 74 05 08 01 01 A2 03 02 01 00 A3 05 A1 03 02 01 00 A4 0A 04 08 33 44 4C 07 02 20 00 59 BE 10 04 0E 08 00 06 5F 1F 04 00 00 10 10 02 00 00 07 8D 76 7E
12:50:23
Tx: ==> Seems that you missed to log
RX: 7E A0 18 21 00 02 BA 69 52 9B 17 E6 E7 00 C4 01 C1 00 06 00 00 1C A9 87 1C 7E
12:50:23 Disconnect request
TX: 7E A0 0A 00 02 BA 69 21 53 2A 7F 7E
12:50:23
RX: 7E A0 0A 21 00 02 BA 69 73 62 A5 7E
Following the the log for the suite1:
12:50:23 Send SNRM request.
TX: 7E A0 23 00 02 BA 69 61 93 FA DD 81 80 14 05 02 01 F5 06 02 01 E4 07 04 00 00 00 01 08 04 00 00 00 01 12 46 7E
12:50:23
RX: 7E A0 23 61 00 02 BA 69 73 09 85 81 80 14 05 02 01 E4 06 02 01 F5 07 04 00 00 00 01 08 04 00 00 00 01 81 01 7E
12:50:23 Send AARQ request.
TX: 7E A0 6E 00 02 BA 69 61 10 20 82 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 31 32 33 34 35 36 37 38 8A 02 07 80 8B 07 60 85 74 05 08 02 02 AC 12 80 10 3C 02 4A 50 49 10 45 2F 45 49 58 63 22 14 64 4B BE 23 04 21 21 1F 31 00 00 1C AA 90 EF F7 D0 83 46 33 6D 93 4A CB 43 69 E7 E0 37 21 B2 CA 3D 6D EE E4 17 0E 97 95 B8 7E
12:50:23
RX: 7E A0 30 61 00 02 BA 69 30 31 E8 E6 E7 00 61 1F A1 09 06 07 60 85 74 05 08 01 03 A2 03 02 01 01 A3 05 A1 03 02 01 0B BE 06 04 04 0E 01 06 00 22 AA 7E
12:50:24
RX: 7E A0 0A 61 00 02 BA 69 73 B3 A7 7E
Also attached the settings snaps.
BR,
AP
Image
Hi,
Hi,
If you mean GeneralSigning by Digital signing, it is not used when the client communicates with the meter. GeneralSigning is used when 3rd party sends a request to the client. The request is signed with a digital signature.
When the client communicates with the meter, and if messages are digitally signed, data is sent using General Ciphering and One-pass Diffie-Hellman or Static Unified Model.
You can get more info from this from Green Book:Exchanging protected xDLMS APDUs between TP and server.
BR,
Mikko
Hii,
Hii,
Thank you very much!!! :)
BR,
AP
Hii Sir,
Hii Sir,
Good Morning!!!
I gone through the Annex D of green book.
As per annex D page number 484 there is following note:
NOTE The protection to be applied by each party is subject to project specific companion specifications, but the overall protection shall meet the security policy configured in the server.
For example, the server would accept any of the following:
-(1) digital signature applied by the TP and authentication applied by the client;
-(2) authentication applied by the TP and digital signature applied by the client;
-(3) both digital signature and authentication applied by the client;
-(4) both digital signature and authentication applied by the TP.
as per point number 3 server should accept both digital signature and authentication applied by the client.
Our meter is able to accept both digital signature and authentication applied by the client but gurux not using this type so that we are unable to test suite1 with gurux.
can please help to provide digital signature and authentication?
BR,
AP
Hii Sir,
Hii Sir,
We are using general-signing APDU's.
BR,
AP
Hi,
Hi,
None of our clients is not using GeneralSigning at the meter, but support for GeneralSigning can be added, but it is released in August.
BR,
Mikko
Hii,
Hii,
Thanks!!!
is gurux root certificate changed ?
because all new certificate generated get filed because of signature verification using the following gurux roor certificate:
-----BEGIN Gurux_Root_CA_Cert_New Copy.cer-----
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlCMURDQ0FYdWdBd0lCQWdJ
RGxFWVBNQW9HQ0NxR1NNNDlCQU1DTUU0eEZEQVNCZ05WQkFNTUMxSnZiM1FnDQpR
MEVnTWpVMk1SY3dGUVlEVlFRS0RBNUhkWEoxZUNCVFpXTjFjbWwwZVRFUU1BNEdB
MVVFQnd3SFZHRnRjR1Z5DQpaVEVMTUFrR0ExVUVCaE1DUmtrd0hoY05NakV3TVRB
eE1EQXdNREF3V2hjTk5EQXdNVEF4TURBd01EQXdXakJPDQpNUlF3RWdZRFZRUURE
QXRTYjI5MElFTkJJREkxTmpFWE1CVUdBMVVFQ2d3T1IzVnlkWGdnVTJWamRYSnBk
SGt4DQpFREFPQmdOVkJBY01CMVJoYlhCbGNtVXhDekFKQmdOVkJBWVRBa1pKTUZr
d0V3WUhLb1pJemowQ0FRWUlLb1pJDQp6ajBEQVFjRFFnQUU0Z1FkL1NYZFhUTDdY
Zm9BMEM0ZVFTMWNoR2o4ek4rZVlzZENiUWFVUFZIVEZNbUZaSzFmDQpPN3NCSnl5
SnNiYVpldXhLMW84ZkJaVHVJdG5qRVJIam5hTklNRVl3S1FZRFZSME9CQ0lFSUg2
UkxCY3RYVmpmDQpXY05yRFozWFhJR0V1SkpONVJ0MVlrQnNKQ1Q3SjdBTE1Bd0dB
MVVkRXdFQi93UUNNQUF3Q3dZRFZSMFBCQVFEDQpBZ0VHTUFvR0NDcUdTTTQ5QkFN
Q0EwY0FNRVFDSUNXdURkSXNacnd3cFIzVk82d3NvaCs3SWthSFh5R25GczJxDQpq
WXkxZC90akFpQU1QM2NXMVZaaVhURnNGMURIWWZZQVphNlU3R3ZhRHRBYmhicHZk
aDZOR2c9PQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K
-----END Gurux_Root_CA_Cert_New Copy.cer-----
can add the notification if gurux root certificate get changed with link to get modified root certificate?
BR,
AP
Hi,
Hi,
I'm sorry, but it is changed. There was an error in the P-384 certificate and both certificates were accidentally re-genererated. CI is now improved and the root certificate is not re-generated anymore.
BR,
Mikko
Hii,
Hii,
Thanks!!!
Can provide the link to get new root certificate.
BR,
AP
Hi,
Hi,
https://certificates.gurux.fi/api/CertificateGenerator
BR,
Mikko
Hii Sir,
Hii Sir,
Thanks!!!
Sorry for bothering you!!!
Every time forgot to google for the Gurux Root certificate.
BR,
AP