What order is the data sent in the KU/KL AT commands?

            The KU/KL commands assume that the session key is already set at the coordinator. So to transmit keys from the coordinator to an endpoint the following steps must be used:
            1. Set the Provisioning Key using the PK command on both the coordinator and endpoint. This can be set at the factory or prior to deployment in the field.
            2. Set the Session Key on the coordinator in the field which will be the key used for future communications.
            3. Use the KU and KL commands to transfer the key to an endpoint. The format of the command is: ATKU<id> and ATKL<id>. So for example, to transfer the upper half of the key to an endpoint with device ID 12345678, use the command: ATKU12345678.
            4. Enable encryption on the coordinator. Endpoints will enable encryption automatically when it receives both halves of the session key.
            5. Communicate between the devices normally using Send Packet or other commands. The communications will be encrypted over the air but are sent and received through the serial port as normal plaintext.

            Note that when the session key is sent over the radio, it must be encrypted with the provisioning key. The modules do not allow for unencrypted transfers of keys over the air. If setting a provisioning key prior to deployment in the field is not possible for all devices, the session key may be programmed in the coordinator and endpoint devices at any time.

            Updated: 18 Sep 2018 05:07 PM
            Help us to make this article better
            0 0