I have a Chirpstack integrated with Postgresql (chrpstack_as_events).
I need to decrytp my endpoints DATA - each one has an individual AES key that encrypt DATA, so what I see in database BYTEA field needs to be decrypt before decoding.
How can I manage this in chirpstack application server? I can’t see any place to pase AES key for each device. Maybe I should use Postgresql database to decrypt them? I could put AES key in other table and join it with a table device_up while decrypting?
Please let me know what would be the best option…
If your device is LoRaWAN certified (or at least implemented according to the LoRaWAN specification), then all data exposed by the uplink events is already decrypted using the AppSKey.
If your device has implemented its own encryption scheme on top of the LoRaWAN encryption, then you need to implement this in your own application handling the data forwarded by ChirpStack.
Thanks for your help.
In my case each end-device also encrypt DATA field by individual key (128 bit AES). In Chirpstack I see all LoRaWAN frames and device data decode by AppSKey - but in device data field DATA looks like:
In integrated PostgreSQL database (chrpstack_as_events) table device_up contains field DATA (BYTEA) where it is shown like
select DATA from device_up:
When I try to decrypt this field DATA via pgcrypto extension in PostgreSQL:
SELECT decrypt (DATA, ‘key’, ‘aes’) from device_up;
I recive ERROR: decrypt error: Data not a multiple of block size.
Maybe I try do decrypt wrong data, or something is wrong with integration Chirpstack<->PostgreSQL?
If you have idea where I am wrong I would be gratefull for any help…