I want to set up the encryption in the field by broadcasting session key, can you give steps/commands which I can use to analyze this feature?

I want to set up the encryption in the field by broadcasting session key, can you give steps/commands which I can use to analyze this feature?

In order to broadcast the session key in the field, a provisioning key must be set in advance. The provisioning key encrypts the session key and ensures that no unencrypted key is ever broadcast. At the factory or at some point prior to field deployment the provisioning key would be set on all devices with the ATPK command:

atpk123456789abcdef123456789abcdef12

Note that 128-bit AES encryption is used and the key is ASCII coded hex as shown above. Next, a session key is set at the coordinator with the ATSK command:

atsk12312312312312312312312312312312

Next, the session key is broadcast to endpoints using the ATKU and ATKL to broadcast the upper and lower halves of the key respectively. The commands at the coordinator to broadcast the key to endpoint with ID 12345678 are:

atku12345678
atkl12345678

At this point the endpoint now has the session key and encryption is enabled at the endpoint by default. To verify, use the ATEE command to verify that it returns 1 meaning the keys are set and encryption is enabled. The ATKU and ATKL commands can be used repeatedly to pass the keys to multiple endpoints, and once complete the coordinator can enable encryption with the ATEE command:

ATEE1

Encrypted communication will now operate automatically and messages can be sent the same way as if no encryption was enabled. For instance, the endpoint can send the message “hi” to the coordinator using the basic ATSP command:

ATSPhi

The message arrives at the coordinator the same way as if no encryption was enabled.