Thanks! I got it working.
Is this included now or do I still have to download?
(I have the Secure Inclusion Mode set at âEntry Control Devicesâ in my Z-wave serial controller.)
It is not currently included in the snapshot version.
Sorry to ask the same stuff again but just to confirm I got this right:
- secure inclusion is not yet possible on stable/public version
- if I want to use it right away I should download the snapshot
- it will be part of the public version soonish
- even though Paper UI (in Z-Wave Thing settings) has an option for secure inclusion it shouldnât be used/doesnât work yet
What if I have securely included a device earlier through different software, will this device not work with the current Z-Wave binding at all or is this just about the inclusion process itself?
if I want to use it right away I should download the snapshot
No. The snapshot still does not have the security built-in. You must download the jar file from here and add it to your addons directory (and remove the built in binding through karaf).
even though Paper UI (in Z-Wave Thing settings) has an option for secure inclusion it shouldnât be used/doesnât work yet
Correct. You really should be using habmin for any zwave inclusion, secure or insecure.
What if I have securely included a device earlier through different software, will this device not work with the current Z-Wave binding at all or is this just about the inclusion process itself?
If you switch bindings, this is the breaking change that Chris has referenced. Your previously included devices will not work when switching to the security-included zwave binding. While you wonât have to exclude and re-include them, you will have to delete each thing and re-initialize the devices.
Chris or anyone is welcome to correct anything that I have not explained clearly or incorrectly. 
Thanks for the clarification. I had this idea that secure inclusion, once done, would be independent from the software layer that speaks to the controller, but it looks like thereâs more to it than that. ÂŽ
I wonder why Habmin should be used over Paper UI? It seems like they could both use the same process for inclusion these days (based on just what Iâm seeing, no idea whatâs going on behind the scenes).
I think it would be beneficial to mention the current state of secure inclusion in documentation/UI, so that there would be no possibility for someone to think they are using secure communications while they actually arenât.
Security is handled in the binding - not in the controller, so itâs down to the binding software to handle this.
HABmin provides more information on the progress than PaperUI which provides no feedback. Other than that itâs the same for inclusion. However, I would strongly recommend HABmin for configuring devices as it better handles configuration. PaperUI will update all parameters on a device which can cause a lot of network traffic (especially a problem in battery devices).
1 Like
Pardon the pun I think I have myself in a bind⊠I have a Yale 220YRD lock that is recognized in the 2.3.0 version but not in this 2.2.0.xxxx interim binding.
So I can get it to show up properly and add items etc. but not operate the lock in 2.3.0.xxxx. The attribute âUsing Securityâ check box was a grey â?â.
In this 2.2.0.xxx version you guys are using successfully it only show up in Things as a generic âZ-Wave Node 5â Thing.
Any ideas on how to fix or do I need to wait for the Snapshot?
Ok updated latest Snapshot to see:
203 | Active | 80 | 2.3.0.201802031138 | ZWave Binding
Took the excluded the lock successfully then removed the USB controller. Included it using Habmin and getting this log error
SECURITY_ERROR Invalid state! Secure inclusion has not completed and we are not in inclusion
mode. Aborting
Iâve got it in High Power Inclusion and Security Inclusion mode is set to âEntry Control Devicesâ.
Went back to that above interim build and the Yale lock still no workie workieâŠall my other devices are solid though. Even got Alexa to workâŠyâall are awesome!!!
Is the code in the .jar file modular enough that I can grab the 2.3.0 Yale lock stuff and put in into this interim 2.2.xxxx build? Kind of a shadetree java guy (aka. unreliably dangerous).
I doubt going back to an older version will work given there havenât really been any changes in the security handler for a long time. I would suggest to look at the debug logs and try and work out whatâs wrong - going backwards isnât ultimately going to work 
OK thanks got it showing up with the Using Security attribute as green now. So I had the latest SNAPSHOT from the other day with the 2.2.0xxx .jar file earlier which didnât work. I dropped in the .jar file from above (or here).
Now I just have to figure out how to add it as an item correctly. ON/OFF doesnât work but no errors. Not sure what command the lock is expectingâŠ
Iâm struggling trying to securely include my door lock (IdLock). I see this in the log:
2018-02-05 17:51:15.933 [INFO ] [alization.ZWaveNodeInitStageAdvancer] - NODE 26: SECURITY_INC State=FAILED, Reason=GET_SCHEME
a previous attempt after exluding and including again (using habmin) gave me this:
2018-02-05 17:37:57.847 [INFO ] [mmandclass.ZWaveSecurityCommandClass] - NODE 24: Using Scheme0 Network Key for Key Exchange since we are in inclusion mode.
2018-02-05 17:38:18.270 [INFO ] [alization.ZWaveNodeInitStageAdvancer] - NODE 24: SECURITY_INC State=FAILED, Reason=SET_KEY
any pointer to what I should try next? (Iâve already tried excluding and adding 6 or so times, network inclusion is set to high)
I finally got my lock included. I had to change the z-wave network security key to make it work
@chris, Iâm trying to use the alarm_raw channel for the YRD210 to detect user code entry. It appears that the snapshot JAR linked in this thread does not have the latest database. Is there any chance you could recompile the binding with the latest DB so that we can use that channel?
Correct - itâs not completely up to date. However the YRD210 was last updated in the database in December, and these changes are in the binding, so for this device, it is up to date.
I note that the database for the YRD210 does not have this channel currently defined.
Interesting. I was looking at this device instead, since it also says that it applies to the YRD210. Is that correct? If so, how can I use that device definition instead?
The changes requested there are not approved - as per the comments at the bottom Iâm not (yet) convinced that we can have a single entry for all these devices and this needs to be justified before we screw every bodies locks up.
You canât select the definitions - itâs selected based on data your device provides.
This makes sense. I appreciate your responses. Iâm new but very eager. Maybe I should request access to the device DB and add the alarm_raw enhancement to the active YRD210 definition. Does this sound like a good idea to you? I wonât waste my time and yours if you know off the top of your head that you wouldnât approve the change.
Thanks
Sure - itâs fine - no problem. You should now have edit accessâŠ