How to confirm Z-Wave security: Is it secure?

I would like to find out if and which of my Z-Wave devices have been included using the secure mode. I am using Aotec Z-Stick Gen5 and a variety of their and Fibaro devices, mostly. I am on OpenHAB 1.8.3 on a RPi.

I have no idea where to look to find out if the communications are secure. I assumed, incorrectly, that z-wave has security built-in, but I now know that it is not the case if I have used the stick to include the devices. However, even the devices that were included using OpenHAB as the host controller of the z-stick may or may not be secure.

Cursory look in the z-wave .xml files shows <security>false</security> for all the devices, but I do not even know if that is what I am looking for. Ideally, there would be an easier way to find out if my device comms are secure or not.

Any suggestions as to where to look would be much appreciated, thank you.

The release version of the zwave binding does not support secure inclusion, see this thread for more info:

I think this question is about OH1 - the release version does include security (although as I didn’t write it, I can’t really help too much with answering the question).

Don’t worry too much about this - I’m far from convinced it means anything at all…

oops, missed that. I fully admit to being a dork

Thank you, @Mike_Bagdanoff and @chris. Is there a way to inspect traffic, log files, settings or any part of the OH1 configured data to see if and which devices are communicating securely with the z-wave stick? I would much rather have that knowledge before putting some parts of the house on it. Thanks for your great work.

You can look through the logs - you’ll probably find some information there, but I’m not really able to offer any advice as I never used the security version in OH1 - sorry.

FYI, the discussion about z-wave security has accidentally continued on this thread: Missing Z-Wave Fibaro FGS-213 Switch & Z-Wave Security Set-up