Security key modification#
The network key and an application link key can be changed while the network is operating, as described below.
Network key modification#
It is possible to store more than one network key on a node, although only one key can be active at any one time. Each network key is identified by means of a unique ‘key sequence number’ assigned by the Trust Centre application.
A new network key can be installed in a node in one of two ways:
Distributed by the Trust Centre to one or multiple nodes of the network using the function zps_eAplZdoTransportNwkKey(), which requires the associated key sequence number to be specified
Requested from the Trust Centre by calling the function
zps_eAplZdoRequestKeyReq() on the node that needs the network key
On reaching its destination(s), the transported key is automatically saved but not activated. A stored network key can be adopted as the active key using the function zps_eAplZdoSwitchKeyReq(), which is called on the Trust Centre and which identifies the required key by means of its unique sequence number.
Parent topic:Security key modification
Application link key modification#
An application link key can be introduced or replaced by the application using zps_eAplZdoAddReplaceLinkKey(). If a link key already exists for the same node- pair, it will be replaced by the new link key. The function must be called on both nodes in the pair.
Parent topic:Security key modification
Parent topic:Implementing ZigBee security