Hi everyone,
I experience the issue that my keyring import in openhab 4.2.1 is not working for data secure read only group addresses. The IP secure connection via secure router works fine and I’m able to communicate with non-secure group addresses (but only if I provide the router backbone key directly to the configuration - it’s not used from the key file).
I followed the documentation and added the keyring.knxkeys file to the newly created misc directory (on same level where items, things, etc. directories are placed → /etc/openhab/misc). Further I added the keyringPassword to the configuration and defined the filename as follows:
// Thing configuration
Bridge knx:ip:bridge [
type="SECUREROUTER",
localIp="192.168.178.123",
routerBackboneKey="XXXXX",
keyringPassword="XXXXX",
keyringFile="keyring.knxkeys"
]
//Item configurations
Type number : TempHar "HAR Temp" [ ga="9.001:<5/0/1" ]
The logs always tell me the same problem:
2025-01-02 14:38:03.845 [WARN ] [nx.internal.client.AbstractKNXClient] - Giving up reading datapoint 5/0/1, the number of maximum retries (3) is reached.
Therefore I increased log level for calimero and knx binding to “TRACE” and it gives me what I already expected: The group key seems to be not available:
2025-01-03 09:47:54.960 [DEBUG] [calimero.link.224.0.23.12:3671 ] - indication 1.2.10->5/0/1 L_Data.ind, low priority hop count 4, tpdu 03 f1 10 00 30 63 97 a1 7c f6 9a ec 2a 83 9e c0 64
2025-01-03 09:47:54.960 [INFO ] [calimero.🔒-AL 224.0.23.12:3671 ] - tuwien.auto.calimero.secure.KnxSecureException: no group key for 5/0/1
2025-01-03 09:47:54.960 [INFO ] [calimero.🔒-AL 224.0.23.12:3671 ] - tuwien.auto.calimero.secure.KnxSecureException: no group key for 5/0/1
2025-01-03 09:47:54.960 [INFO ] [calimero.🔒-AL 224.0.23.12:3671 ] - tuwien.auto.calimero.secure.KnxSecureException: no group key for 5/0/1
2025-01-03 09:47:54.961 [INFO ] [calimero.🔒-AL 224.0.23.12:3671 ] - tuwien.auto.calimero.secure.KnxSecureException: no group key for 5/0/1
That’s why I checked the keyring export, but I do not really understand why the group addresses have a different notation (instead of e.g. 5/0/1 there are five-digits numbers:
<GroupAddresses>
[...]
<Group Address="10500" Key="nzQxxxxxxxxxxx==" />
<Group Address="10501" Key="mu9xxxxxxxxxxx==" />
<Group Address="10503" Key="hv/xxxxxxxxxxx==" />
[...]
</GroupAddresses>
Maybe someone can give me a hint how to check if the key import is at least executed or how to fix it. Maybe I just placed the keyring file at the wrong place?
Thanks and BR!