JMD P1 Eport-E20 and AES key

[admin]

For some needed a key to read the P1 meter such as Luxembourg.
To setup read this:

Login to your P1 reader.
Select Communication settings from used P1 or P2

P1 Communication settings-a.jpg (70.13 KiB) 6109 keer bekeken

Now select Security and select AES.

Security AES-a.jpg (72.77 KiB) 6109 keer bekeken

Now you can put your AES key from your provider and save it.

And it should work.

Any questions: mail: support@7er.nl

[alexboss]

For some needed a key to read the P1 meter such as Luxembourg.
...

Dear JMD,

I found your post referenced in the comments on https://www.zuidwijk.com/product/p1-rea ... t/#reviews

I'm based in Luxembourg and using a P1 reader (E10 actually, not E20).

Unfortunately, I can't use the technique you shared since the key is 32 characters long (AES-GCM), and the one expected by the P1 is 16 characters long (AES).

But maybe I missed some step, could you please double-check if this technique exposed definitely work for Smart Readers in Luxembourg, and if so, which part of 16 characters from the 32 characters long AES-GCM key to use for the P1?

Thank you and best regards.

Screenshot from 2022-08-08 13-20-43.png (30.14 KiB) 6054 keer bekeken

[admin]

Dear Alexboss,

AES key's can be 128, 192 or 256 bit.

AES-CGM is only the protocol and only say how to handle.
https://isuruka.medium.com/selecting-th ... e3ebae173c

This function is build in the Eport series but only AES 128 bit .
When I look to the Luxembourg meter it is also AES 128 bit
The manual describe:

3.2.5 P1 software – Channel security
The P1 protocol is a plain text protocol: it is required to secure the link to ensure end user data confidentiality.
In deviation to DSMR P1, an encryption layer is added over the P1 protocol.
This encryption layer is based on DLMS security suite 0 algorithm: AES128-GCM
This channel has its own separate security context: a separated encryption key and a dedicated frame counter.
The parameters used for the encryption algorithm are the following:
• IV is 96 bits = system-title (64 bits) || frame counter (32 bits)
• AAD is 17 bytes = 30h || 00112233445566778899AABBCCDDEEFFh
• tag length is 96 bits long
AAD is used the same way as in DLMS suite 0 with a fixed "Authentication key". This is mainly to stay as close as possible to existing DLMS implementation and achieve better interoperability with IHD devices: although the Green book makes the AK optional, most implementations use it.
Encrypted data (with its tag) is sent in binary form on the serial link, using a general-glo-ciphering frame:
DBh || 08h(system-title length) || system-title || (length of the subsequent bytes: 17 + length of data) || 30h || frame counter || ciphered data || GCM tag
A security setup (class 64) instance is defined for P1 port security.
This security setup instance cannot be referenced by an Association LN instance.
The attribute 2 is used to toggle on and off the security on P1. Only the values 0 (unencrypted) and 3 (encrypted authenticated) are permitted.

I can 't check it on this site but the length of key have to be 128 bit and the Eport can handle it.

I found some other solution:
Why decode direct?
Domoticz has it inside.

Decodekey.jpg (200.17 KiB) 6046 keer bekeken

This should work to.

Hope this helps.

JMD

[alexboss]

Dear JMD,

Thank you for your feedback.

I can 't check it on this site but the length of key have to be 128 bit and the Eport can handle it.

Indeed, the specs you provide are correct, they are from https://www.luxmetering.lu/pdf/SPEC%20- ... 210308.pdf

But I can guarantee the protocol used is AES-GCM and the length of the key is 32 characters long.

I successfully tested the reading of the meter with smartmeter2mqtt and the key was 32 characters (and it's also stipulated in the doc of smartmeter2mqtt).

As such, I think the information in this topic is not working for Luxembourg.

I found some other solution:
Why decode direct?
Domoticz has it inside.

Good remark, well, if Domoticz can directly decrypt the packets sent by the smartmeter, then it's perfect. But I'm using Home Assistant, and unfortunately there are not there yet (they support some DSMR, but the implementation for Luxembourg through P1 is not working as it should since they don't decrypt packets). We hoped this trick could work with a Slimmelezer P1 as reported here, but unfortunately it doesn't for Luxembourg.

Thanks anyway and best regards.

Alexandre

[admin]

Dear Alexandre,

I asked the home-assistant/core team if they could implement the AES key for Luxembourg. ( DSMR AES key for Luxembourg (Issue #77118))
Answer is clear: Closed #77118 as not planned.

There is no really support from the HA team.

JMD