Key Management / Exchange for a Large Number of Devices

Hi Brocaar and everyone else,

I am using LoRaServer Project and as an end node an Arduino together with the lmic library.

Is there any way to generate the keys for many devices (>50) without the LoRa App Server web interface and without setting the AppKey and Device EUI in the end device for every new end node in the field?

The current procedure for every new device is that I go to the web interface and generate the DevEUI and AppKey and then set these keys in the source code of my end node for OTAA. For a few devices this process is OK, but for a huge number it is not practicable.

I would appreciate every suggestion for key management / exchange for a large number of devices.

Thanks for the support.

Best Regards

Use the API for entering nodes in LoRaServer automatically.

On your end node you can generate a customized unique file to flash, or (you would have to check this) it may be that avrdude can write a file containing just a few words into locations left erased when loading the program if you specifically tell it not to erase for the second operation, or you can implement runtime communication with your node to upload (over a serial wire, etc) details which it saves in EEPROM.

Essentially your board flashing (or configuring) rig will put nodes into LoRaServer as it manufactures them, or else it will operate with your own database, and something else will pull new entries out of that and send them to LoRaServer.

OTAA join vs. ABP changes the specifics of the shared secrets, but either way you will still have some that need to get into both systems.

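The provisioning-rig step suggested in the reply above, as an added example that is not part of the original thread and is not LoRaServer or LMIC code: it generates an independent random AppKey per device and renders the per-device header in the byte order LMIC expects. `DEVEUI_BASE`, the all-zero AppEUI and all function names are assumptions made for illustration; the returned records are what the rig would then submit through the LoRaServer API.

```python
import secrets

# Constructed placeholder: first DevEUI of the batch. Use your own EUI-64 range.
DEVEUI_BASE = 0x0102030405060000


def provision(serial: int, app_eui: bytes) -> dict:
    """Create the OTAA credentials for one device (hypothetical helper)."""
    dev_eui = (DEVEUI_BASE + serial).to_bytes(8, "big")
    # Independent 128-bit AppKey per device from the OS CSPRNG; never derived
    # from the DevEUI and never shared across the batch.
    app_key = secrets.token_bytes(16)
    return {"devEUI": dev_eui.hex(), "appEUI": app_eui.hex(), "appKey": app_key.hex()}


def provision_batch(count: int, app_eui: bytes) -> list:
    """Records for the rig to flash and to submit through the server API."""
    records = [provision(n, app_eui) for n in range(count)]
    if len({r["appKey"] for r in records}) != count:
        raise RuntimeError("duplicate AppKey generated; discard the batch")
    return records


def c_array(data: bytes) -> str:
    """Format bytes as a C array initializer."""
    return "{ " + ", ".join(f"0x{b:02X}" for b in data) + " }"


def lmic_header(rec: dict) -> str:
    """Per-device header for the sketch. LMIC expects DEVEUI and APPEUI
    least-significant byte first and APPKEY most-significant byte first."""
    dev_eui = bytes.fromhex(rec["devEUI"])[::-1]
    app_eui = bytes.fromhex(rec["appEUI"])[::-1]
    app_key = bytes.fromhex(rec["appKey"])
    return (
        f"static const u1_t PROGMEM APPEUI[8] = {c_array(app_eui)};\n"
        f"static const u1_t PROGMEM DEVEUI[8] = {c_array(dev_eui)};\n"
        f"static const u1_t PROGMEM APPKEY[16] = {c_array(app_key)};\n"
    )


if __name__ == "__main__":
    # Constructed demo batch of 3 devices with an all-zero AppEUI.
    for rec in provision_batch(3, bytes(8)):
        # One header per device build; the file holds the AppKey, so treat it as a secret.
        with open(f"keys_{rec['devEUI']}.h", "w") as fh:
            fh.write(lmic_header(rec))
```
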

Thanks for the suggestion @cstratton, I will try it.

Does anyone have any other suggestions?

Thanks for the help!

I actually have a question about this. I want to write a simple mobile app that will handle the device activation without an end user having to deal with the loraserver web UI.

It is my understanding that both Device EUI and AppKey must be known to the device. That is, they are stored on the device by the manufacturer. What I am confused about is if the AppKey needs to be known in advance. How is one to generate it? Also, is it safe to expose the device/app EUI and the app key to the end user? For example, I want to create a QR code with the 3 keys and then use the LoRa Server API to add the device. Then maybe the user can push a button on the device (after the device is added) to initiate a join.
Not sure if that is a common use case?

Is your goal to sell a device which users can use on any LoRaWAN network? If so, give them the full information and ideally even provide a way to change it.

On the other hand, if your business is in selling a service then you may want the hardware to just have an ID that is used as a lookup into a proprietary database you maintain, filling records when you manufacture/program devices. You could even pre-register devices on manufacture/programming; what the end user needs to do is just associate the device’s data feed with their account.

I am exploring the idea of building an ecosystem but with a focus on the end devices to target very specific industries/domains. And provide domain specific end user applications that would allow the users to interact with their end devices for data collection and analysis.

I like the idea of the devices being pre-configured in a way, so they can be added to a loraserver application that would be pre-created based on the domain. The server can be hosted “on premise” along with a backend to interface with mobile/web app or could be hosted in the cloud. The user would not need to interact with the loraserver.