cotugno/zigbee2mqtt
2
Fork 0
mirror of https://github.com/Koenkk/zigbee2mqtt.git synced 2024-11-17 02:48:31 -07:00
Code Issues Packages Projects Releases Wiki Activity

Update how_to_secure_network.md (#963)

Browse Source 
* Update how_to_secure_network.md

Make clear that the key consists of 16 hex values and gave an example how to generate a key with command line tools.

* Clarified info about network key notation

* clarified network key notation (dec or hex)

* Update how_to_secure_network.md

Make clear that the key consists of 16 hex values and gave an example how to generate a key with command line tools.

* Remove trailing comma. #916
This commit is contained in:
Bruceforce 2019-01-31 19:09:49 +01:00 committed by Koen Kanters
parent 9d61184013
commit 5bee8ccafe
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docs/how_tos/how_to_secure_network.md
View File

@ -1,16 +1,25 @@
# How to secure your Zigbee network
By default your Zigbee network isn't as secured as possible. The following settings are recommeded to apply to your configuration.
## Disabled joining
To disable joining it's important that `permit_join: false` is set in your `configuration.yaml`.
## Disable joining
To disable joining it's important that `permit_join: false` is set in your `configuration.yaml`. Otherwise rogue devices are able to join allowing them to send and receive Zigbee traffic.
## Change Zigbee network encryption key
**Changing the key requires repairing of all devices!**
Zigbee2mqtt uses a default encryption key. Therefore it is recommended to use a different one. To use a different encryption key add the following to you `configuration.yaml`:
Zigbee2mqtt uses a known default encryption key. Therefore it is recommended to use a different one. To use a different encryption key add the following to your `configuration.yaml`:
**Do not use the following key.**
**Do not use this exact key.**
```
advanced:
network_key: [7, 3, 5, 7, 9, 11, 13, 15, 0, 2, 4, 6, 8, 11, 12, 13],
network_key: [7, 3, 5, 7, 9, 11, 13, 15, 0, 2, 4, 6, 8, 11, 12, 13]
```
The network encryption key size is `128-bit` which is essentially 16 decimal values between `0` and `255` or 16 hexadecimal values between `0x00`and `0xFF`.
If you need to transform your decimals to hexadecimals (or vice versa) please use a [converter](https://www.binaryhexconverter.com/decimal-to-hex-converter). Example: 92 (decimal) would become 5C (hexadecimal).
You can generate a valid key with the following command in most linux systems:
```
dd if=/dev/urandom bs=1 count=16 2>/dev/null | od -A n -t x1 | awk '{printf "["} {for(i = 1; i< NF; i++) {printf "0x%s, ", $i}} {printf "0x%s]\n", $NF}'
```