Operation
Document No. D113-015
Page 45 of 77
Revision 1.9
Change methods, Message Authentication Code (MAC) algorithms, and Authentication
methods provided in the DNP3 protocol specification.
Various keys are used in DNP3 Secure Authentication. Session keys are used most frequently,
as they are used to authenticate requests. These keys are updated by the DNP3 master
at a certain interval or every time there has been a message failure. Before sending these
keys across the wire, the DNP3 master encrypts them using the selected Key Wrap Algorithm
and the Update Key. The Update Key can be updated in numerous ways (including sending it
across the wire with another set of keys encrypting that message).
The HART 4 modules support DNP3 Secure Authentication 5, using the Pre-Shared Key
method for Key Changes. Thus, the Update Key needs to be entered into each device by
means outside of the DNP3 protocol.
In Slate, the user can write the Update Key into the HART 4 module using the Key tab in the
Online Status window. The key entered must match the Key Wrap Algorithm selected. Thus,
if AES-128 Key Wrap was selected, the Update Key must be 128 bits (16 bytes) long. If AES-256
Key Wrap was selected, the Update Key must be 256 bits (32 bytes) long. The user can either
enter a predetermined hexadecimal code or create a new code in Slate as shown below. This
key is encrypted and sent to the HART 4 module, where it is saved into the NV memory of the
module.
NOTE: The Key update method in Slate is a write-only function. Thus, once the
key has been downloaded, the user will not be able to view the key again. Thus,
the user must make provision to document or save the key in a secure manner.
NOTE: The DNP3 master device must have the same Update Key and security
configuration settings as that of the HART 4 module. Failing to do this will result
in failed data exchange for critical messages.
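The following Go example is added here for illustration and is not code from the HART 4 module or Slate. It shows the receiving side of a session key change: the Update Key length is checked against the selected algorithm, and unwrapping fails when the two ends hold different Update Keys. It assumes the AES Key Wrap algorithm is RFC 3394, uses that RFC's published test vector as constructed input in place of real key data, and the names `Unwrap` and `keyLen` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

var iv = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // RFC 3394 default initial value
var keyLen = map[string]int{"AES-128": 16, "AES-256": 32}       // Update Key bytes per algorithm

// Unwrap (hypothetical name) recovers key data wrapped under the Update Key.
// Assumption: the selected AES Key Wrap algorithm is RFC 3394.
func Unwrap(alg string, updateKey, wrapped []byte) ([]byte, error) {
	if keyLen[alg] == 0 || len(updateKey) != keyLen[alg] {
		return nil, fmt.Errorf("a %d-byte Update Key is not valid for %q Key Wrap", len(updateKey), alg)
	}
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, fmt.Errorf("wrapped data must be at least three whole 8-byte blocks")
	}
	c, _ := aes.NewCipher(updateKey) // cannot fail: key length was validated above
	n, b := len(wrapped)/8-1, make([]byte, 16)
	out := append([]byte{}, wrapped...) // out = A | R1..Rn, processed in place
	for t := 6 * n; t >= 1; t-- {       // t is the RFC's step counter n*j+i
		r := out[8*((t-1)%n+1):][:8] // block Ri for this step
		binary.BigEndian.PutUint64(b, binary.BigEndian.Uint64(out)^uint64(t))
		copy(b[8:], r)
		c.Decrypt(b, b) // B = AES-1(K, (A ^ t) | Ri)
		copy(out, b[:8])
		copy(r, b[8:])
	}
	if subtle.ConstantTimeCompare(out[:8], iv) != 1 {
		return nil, fmt.Errorf("integrity check failed: Update Keys differ or data was altered")
	}
	return out[8:], nil
}

func main() {
	// Constructed input: the RFC 3394 section 4.1 test vector stands in for a key change.
	key, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	blob, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
	keys, err := Unwrap("AES-128", key, blob)
	fmt.Printf("matching Update Key:   %X %v\n", keys, err)
	key[15] ^= 0xFF // the two ends now hold different Update Keys
	_, err = Unwrap("AES-128", key, blob)
	fmt.Println("mismatched Update Key:", err)
}
```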