Getting started

General information

There are three different kind of encryption mode in DLMS meters. Security Suite 0, that is using GMAC for encryption. Security Suite 1, that is using NIST P-256 for encryption and
Security Suite 2 that is using NIST P-384 for encryption.

Security Setup object of the meter will tell what encryption mode your meter is using. Just read Security Setup object and check Suite-parameter. You don't need public/private key pair if your meter is using GMac.
If your meter is using NIST P-256 or NIST P-384, you need to generate private key for the client and then you need to Generate certificate request and ask new x509Certificate.
Client's x509 Certificate is then transported to the meter. You can see list of meter's certificates when you read Security Setup object.

DLMS meters are using two different kind of certificates.

  • Digital Signature
  • Key Agreement

Digital Signature key pair

Digital Signature key is used when ECDSA authentication is used or
sign the data with Ephemeral Unified Model or One-pass Diffie-Hellman schema.

Digital authentication key
Digital authentication key is used to encrypt the data when One-pass Diffie-Hellman or Static Unified Mode scheme.

Private keys

Generate

Using Generate you can generate a new Private key. Private key is saved in PKCS #8 format.

If you have Open SSL generated private key and you want to convert it to the PKCS #8 format you can just add your private key to the Prove key text box and press "Convert"-button.

Add

Using add you can add your exists private key to the GXDLMSDirector.

Rename

Change your private key file name.

Get certificate

When you have private key you need to generate the Certificate Signing Request (CSR) in PKCS #10 format and send it for a CA to generate a Certificate.
Gurux will use own service to generate the Certificate. Note that there is a limit how many certificates you can do a day.

Info

Private key information.

Remove

Remove your private key from GXDLMSDirector.

Public keys

Generate

Using Generate you can generate a new x509 Certificate from PKCS #10. If you don't have x509 PKCS #10 you can import your private key and ask Gurux Certification server to generate a new certificate.

If you have Open SSL generated private key and you want to convert it to the PKCS #8 format you can just add your private key to the Prove key text box and press "Convert"-button.
Give system title and then press "Get"-button. Now select private key and press "Open". Generated PKCS #10 is shown in the text box.
Pressing "Save" button GXDLMSDirector will ask a new certificate from the Gurux Certificate generator and a new certificate is saved for later use.

Add

Using add you can add your exists certificate to the GXDLMSDirector. Certificate format must be x509.

Rename

Change your certificate key file name.

Info

Certificate information.

Copy System Title

Copy system title to the clipboard.