I am a C++ client using DLMS to talk to a DLMS Smart Meter via Serial connection.
Is there a way (preferably a standard way) with DLMS function calls to verify the HLS-5 keys that I think the meter is using is actually the same HLS-5 keys it is using?
For security reasons, I assume the best way to do this is to compare a hash of the keys or by comparing the hash of a mutually known string that has been encrypted by the meter and by me and directly comparing those encrypted byte arrays?
Are there any function calls/DLMS sequences I can use to determine if our keys match?
Thank you!
Hi, The GMAC (HLS-5) keys …
Hi,
The GMAC (HLS-5) keys (block cipher and authentication keys are 16 or 32 bytes long random values and there is no way to verify them.
GMAC uses symmetric ciphering. This means that the client and the meter MUST use the same keys. If the keys differ, the meter can't decrypt the data and returns an error.
BR,
Mikko
Hi Mikko, Thank you very…
Hi Mikko,
Thank you very much for the information.
I was particularly interested in one thing you said: "If the keys differ, the meter can't decrypt the data and returns an error."
What possible errors will a DLMS-compliant meter return?
Is it more than TRUE or FALSE?
Is there a list of error codes it will return?
Perhaps the list is enumerated in an enum?
Thank you!
Hi, If client and server …
Hi,
If client and server (meter) block cipher keys are different the decrypted data can be anything and it's not possible to know if the data is corrupted or are the keys wrong.
For this reason, the data is authenticated with an authentication key. Authenticated data is compared on decrypt and if compare fails the server returns usually DecipheringError. There are also meters that don't return anything if decrypt fails.
BR,
Mikko