documentation

Security Keys

Security keys are the basis of maintaining data and device integrity. LoRaWAN relies on a unique security key for each end-device to minimize the damage of a stolen key. Therefore, it is not acceptable to use the same root key on multiple devices. Additionally, root keys cannot be based on DevEUI or any other easily-guessed scheme. Keys should not be all zeros or all ones. To obtain security keys, use a state-of-the-art cryptographic process that allows minimal transport of keys in plain text. Nonces and other methods used to generate keys should vary based on blocks of devices. For example, you can change the inputs, such as nonce values, for key generation every 64,000 devices. You can also use an alternate JoinEUI to ease the burden of looking up the exact input needed to regenerate the key, if required.