KM200 on OpenHAB 3 last version

Hi @all,

i have try to connect my MB LAN 1 from Junkers and recive follow filure:
021-01-10 18:07:54.549 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing ‘km200:kmdevice:0d3663a6ac’ changed from INITIALIZING to OFFLINE (COMMUNICATION_ERROR): No communication possible with gateway

Has any Body a idea what i make wrong here, u have try all things what i find in the World Wide Web.

Thanks for your Help.

Cheers
Max

First of all: Welcome to the openHAB forum!
Shouldn’t this be “MB Lan 2”?
I’d suggest to put the binding into debug mode and check the log.
Either the device is not reachable or the credentials are not correct.
What JVM did you install? Have you installed the support for strong encryption?

Hi Thomas,
Mandy thanks dir your reply.
My MB LAN are Build 2011 ist First Generation Form MB LAN Version ist works in the Heat tronic 3 by a Junkers Maschine.

I have install the OoenHAB in my Qnap System in a Docker.

How i find the Log that you News dir Help or Start the Log? Linux is Not my Friend System :slight_smile:

What do you News with encryption?

I´m sorry but the meaning of your answer is not totally clear.

If I remember correctly you require an MB Lan 2 for the binding (aka. km200).
@Markinus may be able to clarify this.

Regarding the logging:
Please have a look into the corresponding documentation on logging with OH
There are plenty of options described.

Ok than i need MB Lan 2 for this Binding, than is my MB Lan to old :frowning:

You mean this:
KM200GatewayHandler tried updating the thing status although the handler was already disposed.
2021-01-10 18:07:54.383 [INFO ] [internal.handler.KM200GatewayHandler] - Update KM50/100/200 gateway configuration, it takes a minute…
2021-01-10 18:07:54.545 [WARN ] [binding.km200.internal.KM200Cryption] - Exception on encoding
java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:10 63) ~[?:?]
at javax.crypto.Cipher.implInit(Cipher.java:838) ~[?:?]
at javax.crypto.Cipher.chooseProvider(Cipher.java:901 ) ~[?:?]
at javax.crypto.Cipher.init(Cipher.java:1286) ~[?:?]
at javax.crypto.Cipher.init(Cipher.java:1223) ~[?:?]
at org.openhab.binding.km200.internal.KM200Cryption.d ecodeMessage(KM200Cryption.java:94) [bundleFile:?]
at org.openhab.binding.km200.internal.KM200Device.get ServiceNode(KM200Device.java:353) [bundleFile:?]
at org.openhab.binding.km200.internal.handler.KM200Ga tewayHandler.checkConfiguration(KM200GatewayHandle r.java:237) [bundleFile:?]
at org.openhab.binding.km200.internal.handler.KM200Ga tewayHandler.initialize(KM200GatewayHandler.java:1 17) [bundleFile:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invo ke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invo ke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl. invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.openhab.core.internal.common.AbstractInvocatio nHandler.invokeDirect(AbstractInvocationHandler.ja va:154) [bundleFile:?]
at org.openhab.core.internal.common.Invocation.call(I nvocation.java:52) [bundleFile:?]
at java.util.concurrent.FutureTask.run(FutureTask.jav a:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:834) [?:?]
2021-01-10 18:07:54.547 [WARN ] [b.binding.km200.internal.KM200Device] - Decoding of the KM200 message is not possible!

Did you properly set the secret key in the gateway thing? From the log it seams that this is not the case, the binding is unable to decrypt the data received.
What seems to be missing is the unlimited cipher strength for java. I’m not familiar with docker, but I think I remember that some env variable has to be set too (not sure about that).
Maybe check out this.
Something like CRYPTO_POLICY=unlimited

Hi there,

had the same problem yesterday with my openhab Docker-Container in Unraid.
The Problem was the limited crypto.policy for java.

You can test the current policies yourself this way:
https://www.jvmhost.com/articles/jce-unlimited-cipher-policy-different-jdk-versions/

Create new File CipherTest.java:

cat > CipherTest.java<<EOF
import javax.crypto.Cipher;

class CipherTest {
    public static void main(String[] args) {
        try {
            int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
            System.out.println("Max AES key length = " + maxKeyLen);
        } catch (Exception e){
            System.out.println("FAILED: No AES found!");
        }
    }
}
EOF

Then run:

javac CipherTest.java

and then run:

java CipherTest

Typical value for weak cipher policy is 128. Maximum value is 2147483647 and it confirms unlimited cipher strength policy.

In my installation i had only 128 and did the following:

I took the file /usr/lib/jvm/default-jvm/conf/security/java.security out of the Container as template and edited the java.security to “crypto.policy=unlimited”. Put it to a known Location in my host filesystem and mounted in the Container:

Host: /mnt/user/appdata/openhab2/java.security
Mountpoint in the container: /usr/lib/jvm/default-jvm/conf/security/java.security

After that i tested it again and the value was 2147483647 and the binding works.

Thanks for the message, the problem what i hve is that Linux not my System normaly Work with Microsoft or IOS.

The Website that you me have send i dont understand what i must do :frowning:

1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
++ echo true

  • interactive=true
  • set -euo pipefail
  • IFS=’
  • ‘[’ limited = unlimited ‘]’
  • rm -f /openhab/runtime/instances/instance.properties
  • rm -f /openhab/userdata/tmp/instances/instance.properties
  • NEW_USER_ID=9001
  • NEW_GROUP_ID=9001
  • echo ‘Starting with openhab user id: 9001 and group id: 9001’
    Starting with openhab user id: 9001 and group id: 9001
  • id -u openhab
  • initialize_volume /openhab/conf /openhab/dist/conf
  • volume=/openhab/conf
  • source=/openhab/dist/conf
    ++ ls -A /openhab/conf
  • ‘[’ -z ‘html
    icons
    items
    persistence
    rules
    scripts
    services
    sitemaps
    sounds
    things
    transform’ ‘]’
  • initialize_volume /openhab/userdata /openhab/dist/userdata
  • volume=/openhab/userdata
  • source=/openhab/dist/userdata
    ++ ls -A /openhab/userdata
  • ‘[’ -z ‘etc
    logs
    tmp’ ‘]’
    ++ cmp /openhab/userdata/etc/version.properties /openhab/dist/userdata/etc/version.properties
  • ‘[’ ‘!’ -z ‘]’
  • chown -R openhab:openhab /openhab
  • sync
  • ‘[’ -d /etc/cont-init.d ‘]’
  • sync
  • ‘[’ true == false ‘]’
  • exec gosu openhab tini -s ./start.sh
    Launching the openHAB runtime…

I have create the Login Key over this Link
https://ssl-account.com/km200.andreashahn.info/

What can i do for run the Binding with my MB LAN.

Thanks for the messge but i dont what i must do :frowning: Linux not my World :frowning:

@Borbosch lead you the correct way on how to test your cypher strength.
Simply create the file and run it using the text he gave you.
This will show you about the status of the key length supported on your installation.
If it’s to short it won’t work.
As mentioned before I’m not a docker expert, but there is at least an environment variable to be set. Some more info in this post.
To be honest: If you are missing the very basic Linux knowledge it will be hard to maintain your OH installation.
Maybe start with a Windows based setup first and learn how to handle OH itself would be the better way to start.
Or, as an alternative, run OH on a Raspberry PI based on the openhabian setup routines. This will install everything you need without first learning to handle Linux in detail.

But what i can do now?

You have been given clear instructions in Patricks post on how to enable a proper encryption.
Simply follow it.
If that is impossible due to lack of knowledge about the platform you´ve chosen rethink your approach and maybe switch to a different platform that you are able to handle.
I do not mean to be harsh or rude, please do not mistake me here. It simply makes no sense to run openHAB one a platform you are not able to maintain for a longer period of time.

Ok thanks for your help, ist not my place for this, i´m for plug and play and no SSH Games.

But i dont know what is this
took the file /usr/lib/jvm/default-jvm/conf/security/java.security out of the Container as template and edited the java.security to “crypto.policy=unlimited”. Put it to a known Location in my host filesystem and mounted in the Container:

Host: /mnt/user/appdata/openhab2/java.security
Mountpoint in the container: /usr/lib/jvm/default-jvm/conf/security/java.security

I have create this file: CipherTest.java with this

cat > CipherTest.java<<EOF
import javax.crypto.Cipher;

class CipherTest {
    public static void main(String[] args) {
        try {
            int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
            System.out.println("Max AES key length = " + maxKeyLen);
        } catch (Exception e){
            System.out.println("FAILED: No AES found!");
        }
    }
}
EOF

But i dont found this folder:
/usr/lib/jvm/default-jvm/conf/security/java.security

i have found this java.security

First: What was the output of the Cipher test? Only this will tell if missing encryption strength is the reason for your problem.

Run
java CipherTest.java

You can set the docker environment variables in the startup script:
How to pass env. variables