I am trying to connect to the meter with HLS ECDSA authentication. While trying to connect the same I am getting no mechanism name in the request shown in xml form.
No I haven't set that part. should i be setting the client's private key and server's public key? Can you please let me know the code I should be using to set this?
client.setAuthentication(Authentication.HIGH_ECDSA);
//Set client private and public key...
target.getCiphering().setKeyAgreementKeyPair(...);
//Set server certificate...
target.getCiphering().getCertificates().add(certificate);
Don't use ciphered connection yet. Use ECDSA authentication level.
What you need to do is this.
1. If you don't have public private key pair generate them and certificate using Gurux like below or using openSSL.
////////////////////////////////////////////////////////////////
// Generate signing keys.
Date from = new Date();
Date to = new Date(from.getTime() + 365L * 24L * 60L * 60L * 1000L);
// Create client certificate for digital signature.
GXx509Certificate certificate =
GXx509Certificate.createSelfSignedCertificate(
key, from, to,
client.getCiphering().getSystemTitle(),
"CN=Test, O=Gurux, L=Tampere, C=FI", KeyUsage.forValue(
(KeyUsage.DIGITAL_SIGNATURE.getValue())));
2. Transport generated client x509Certificate certificate to the meter using importCertificate- method.
3. add meters public key to client's certificates.
client.getCiphering().getCertificates().add(certificate);
client.setAuthentication(Authentication.HIGH_ECDSA);
The meter itself uses Security suite 1 . If I do not use ciphered connection I am getting error back as invalid application context name as I my context name will be LN instead of LN_WITH_CIPHERING.
Also how can I import the certificate without making an appication association. I tried calling importcertificate without making application association but i did not get any response from the meter.
Connection meter with ECDSA connection
Hi,
Have you set public/private key pair using setKeyAgreementKeyPair?
BR,
Mikko
Connection meter with ECDSA connection
Hi
No I haven't set that part. should i be setting the client's private key and server's public key? Can you please let me know the code I should be using to set this?
Thanks
Yatin
Connection meter with ECDSA connection
Hi,
Can you tell what meter you try to read (model)?
client.setAuthentication(Authentication.HIGH_ECDSA);
//Set client private and public key...
target.getCiphering().setKeyAgreementKeyPair(...);
//Set server certificate...
target.getCiphering().getCertificates().add(certificate);
BR,
Mikko
Connection meter with ECDSA connection
Hi
Meter manufacturer is Tatung. They have provided me the server ublic key and not any certificate.
Thanks
Yatin
I tried the request again
I tried the request again with Security suite-1, and following request gets formed:-
7E A0 6C 02 85 27 10 53 D3 E6 E6 00 60 5D A1 09 06 07 60 85 74 05 08 01 03 A6 0A 04 08 45 49 50 31 32 33 34 35 8A 02 07 80 8B 07 60 85 74 05 08 02 07 AC 12 80 10 74 3B 0F 40 34 07 68 0A 71 0B 3B 33 6F 75 77 64 BE 23 04 21 21 1F 30 7F FF FF FF 87 BC F8 99 35 48 C0 AA FF BE E1 E0 AB D3 9E 19 91 E6 C1 11 50 29 FF 7B 97 5A 0A 70 7E
The request instead seems to be getting formed for security suite 0 instead. Please check this on priority..
Thanks
Yatin
Connection meter with ECDSA connection
Hi,
Don't use ciphered connection yet. Use ECDSA authentication level.
What you need to do is this.
1. If you don't have public private key pair generate them and certificate using Gurux like below or using openSSL.
////////////////////////////////////////////////////////////////
// Generate signing keys.
Date from = new Date();
Date to = new Date(from.getTime() + 365L * 24L * 60L * 60L * 1000L);
// Create client certificate for digital signature.
GXx509Certificate certificate =
GXx509Certificate.createSelfSignedCertificate(
key, from, to,
client.getCiphering().getSystemTitle(),
"CN=Test, O=Gurux, L=Tampere, C=FI", KeyUsage.forValue(
(KeyUsage.DIGITAL_SIGNATURE.getValue())));
2. Transport generated client x509Certificate certificate to the meter using importCertificate- method.
3. add meters public key to client's certificates.
client.getCiphering().getCertificates().add(certificate);
client.setAuthentication(Authentication.HIGH_ECDSA);
4. Connect to the meter.
BR,
Mikko
The meter itself uses
The meter itself uses Security suite 1 . If I do not use ciphered connection I am getting error back as invalid application context name as I my context name will be LN instead of LN_WITH_CIPHERING.
Also how can I import the
Also how can I import the certificate without making an appication association. I tried calling importcertificate without making application association but i did not get any response from the meter.
Thanks
Yatin
Connection meter with ECDSA connection
Hi,
It's easier to check what if the problem if a secured connection is not used. But anyway. Security Suite 1 can support both GMAC and ECDSA.
You need to connect using GMAC to the meter and then update new certificate.
BR,
Mikko
Connection meter with ECDSA connection
Hi
I was able to get the application association but further reply to authentication request failed.Below is the sample for application association:-
Request - 7E A8 8A 02 85 27 32 65 E0 DD 08 00 00 00 00 00 00 80 00 08 45 49 50 31 32 33 34 35 08 50 43 45 49 2D 34 33 41 00 00 01 02 01 02 00 67 31 00 00 00 00 2E 56 D5 23 27 7B B7 41 C5 72 6F DD BF C3 82 8D 75 7C 16 69 36 C4 99 B0 8E 30 DA 82 18 1A 3A 99 D1 B5 5D 71 F9 7F 01 89 45 E8 1E 7F EA 31 EF 8C 88 E4 86 E6 EE 80 D3 0C 35 DC 16 27 DD 8A 17 D1 72 DE F8 4E A8 97 65 EF 1A BD 88 5C 06 BD 8E 37 A4 C0 E4 67 F1 AC 52 30 10 7E
reply - 7E A0 08 27 02 85 51 DF F1 7E
request - 7E A0 15 02 85 27 34 E2 F0 7A FA 43 6B 9F 2A F0 01 4B E9 93 BD CC 7E
reply - 7E A0 0D 27 02 85 97 B1 74 34 42 03 F5 6D 7E
Thanks
Yatin
Connection meter with ECDSA connection
Hi,
Meter closes the connection. Have you updated client's certificate to the meter?
Can you try to connect with GMAC first?
BR,
Mikko
Hi
Hi
Yes that is already uploaded. Manufaccturer manually uploaded the public key on the meter through optical probe. What is the issue with the request?
Thanks
Yatin
I tried doing it following
I tried doing it following code:-
PublicKey pubKey = GXAsn1Converter.getPublicKey(GXCommon.hexToBytes("client public key"));
PrivateKey priKey = GXAsn1Converter.getPrivateKey(GXCommon.hexToBytes("client private key"));
KeyPair kp = new KeyPair(pubKey, priKey);
dlms.getCiphering().setKeyAgreementKeyPair(kp);
PublicKey pubKey2 = GXAsn1Converter.getPublicKey(GXCommon.hexToBytes(serverKey));
Map.Entry entry = new AbstractMap.SimpleEntry<>(CertificateType.KEY_AGREEMENT, pubKey2);
dlms.getCiphering().getPublicKeys().add(entry);
Connection meter with ECDSA connection
Hi,
Can you ask from the manufacturer is meter using Invocation counter?
If that is used you need read and set it.
Something like this:
GXDLMSData d = new GXDLMSData("0.0.43.1.2.255");
read(d, 2);
client.getCiphering().setInvocationCounter(d.getValue());
BR,
Mikko