[SOLVED] Z-Wave Network key


I think I have paired some devices securely with my z-wave network. Now I am trying to figure out with what kind of network key they were paired. I did not specify a network key in the configs.
Is there any option to read the network key from the controler?

In HABmin, go to Configuration->Things, then select your Z-Wave Serial Controller thing. Then in the Tools menu (upper right of screen), select Show Advanced Settings. Open the Z-Wave Network Settings panel. You will see the Network Key that was used to securely include your devices.

I keep a backup of that key somewhere safe in the event of a catastrophic failure of my openHAB system.


thanks for the quick reply. I am still on openhab1. How would I proceed there?

I’m 100% certain that secure includes are only supported by the most recent (2.3 M4) Zwave 2.x version binding. I’m not certain but strongly suspect that chris has no intention of backporting that support to the 1.x version binding.

Since the binding has to be involved with secure includes I doubt you have successfully included any devices that include security, unless you used some other software to perform the include, in which case I don’t think the Zwave binding will be able to use those devices anyway.

Secure Incusion (should) work directly between the controler and the deivce. I am using the Aeotec Gen 5 Stick which is battery powered so I am pretty confident the secure inclusion worked.

I was able to read the Network Key through the Aeotec ZStick Backup Software.

Sorry, I missed the fact that you were still on OH1.

No problem - I forgot to mention it. :slight_smile:

No - secure inclusion requires the binding. The controller doesn’t really do anything with security.

There was an OH1 version that included security, but I forget if we ever merged it into master (it was too many years ago now :wink: ).

It is possible to store the key in the dongle, although I don’t think there’s any guarantee that it’s the same as used by the binding unless you made sure of this yourself (which it seems you might have :wink: ).

1 Like

I included the Aeotec 6in1 which can be forced to do secure inclusion only (doubleclick the button). It gave me the purple led (instead of the green one) after including it only with the controller, which should indicate successful secure inclusion. But I don’t know what is happening in the background so this could be wrong.

I did not configure the key in the binding config, so I just really hope that the key from the stick was used …

Unless you have some sort of super new controller, I don’t believe that the security classes will be handled in the controller. With the latest software from Sigma, this is done in the host, and with openHAB, it is also done in the host. I don’t think there is any controller firmware to handle the security CC in the controller.

I was recently discussing controller firmware with Aeon as I was looking for a version which included the new IMA features, and they told me that they are still shipping controllers with very old firmware. I will check with their developers though.

It is not used… My understanding of this is it’s just used as a store, and the binding does not use it. Again, if you have a new controller which handles the security in the controller itself, then maybe it is used, but as above, I’m not aware that this feature exists and I’ve not seen it in the latest SDK.

This was about 1.5 years ago. I just remember the purple led because it took me a couple tries to get it right.
So I it definitely is old.

Just to confirm what I said earlier from the Aeotec developers. The network key that is stored in the dongle is not used for anything, and the controller does not perform any secure inclusion, or any other form of security by itself. This is all done in the binding.