Network key

The network key encrypts and decrypts over the air messages at the network layer. When you enable encryption, each node on the network is required to have the network key to communicate with other nodes. The network key is shared by every device on the network and only needs to be set on the network coordinator. Use the NK parameter to set a user-defined network key; this parameter is only applicable to a coordinator (CE = 1). In most situations, the network key should be randomly generated (NK = 0) and managed by the network.

If you are running a centralized trust center, you can change the NK parameter on the trust center which propagates to the rest of the network a few seconds later. This is useful for high-security applications where regular network key rotation may be desired. In a distributed trust center, the key is defined when the network is formed and cannot be changed without reforming the network.

Optionally, network keys can be sent and received in-the-clear by setting the EO bit 0 (EO = 1) on the forming and joining nodes. Digi strongly discourages this setting, because it could allow unauthorized devices to obtain a copy of the network key.

In addition for centralized trust center you can use RK (Trust Center Network Key Rotation Interval) to do network key rotation (only when NK = 0) with a range of 1 to 22 days automatic interval. Also you can perform a one time key update by setting RK to zero, which could be used to extend the time interval beyond 22 days or any interval implemented by your application.