Introduction#

The processes described in this application note are all those required to set up Smart Energy (SE) elliptic curve cryptography (ECC)-enabled devices. The processes include the following:

  • Test certificate generation

  • Certificate file manipulation

  • Certificate file programming

  • Installation code generation

  • Installation code programming

  • Application setup (build time)

  • Application setup (run time) if using unique link keys

  • Joining a new device

  • Simplicity Studio Network Analyzer capture setup

While these security resources, which also include Certicom’s ECC library, available upon request from Silicon Labs’ support team, are not necessary for testing SE networks, any devices wishing to participate in or host a Zigbee-compliant, production-grade (non-test) SE network must implement these features.

Readers of this document should be familiar with the Zigbee Smart Energy Application profile (available from the http://www.zigbee.org website in the Standards section) and have basic familiarity with the Silicon Labs’ graphical and command-line-based tools. A number of these processes use utilities available through Simplicity Studio’s development environment, such as Network Analyzer, AppBuilder, and Simplicity Commander. This document also assumes that the user already has access to the Certicom ECC library for their target platform, or an ECC-enabled network coprocessor image, for EZSP-based platforms. For access to this content, please contact the Silicon Labs support team through the Silicon Labs Support portal at https://www.silabs.com/support.

Note: Because the ECC library is compiled with IAR, SE projects should also be compiled with IAR. Projects compiled with GCC may cause unexpected resets.

Smart Energy 1.0 utilized an ECC 163k1 curve with a 48-byte certificate format. All certified devices are required to support this. Smart Energy 1.2 introduces a new curve ECC 283k1, and a 74-byte certificate format. Smart Energy 1.2 devices must support the existing 163k1 ECC curve and may also support the new 283k1 curve, while Smart Energy 1.4 devices must also support the 283k1 curve. (The requirements for what devices must support the 238k1 ECC curve is spelled out in the Zigbee Smart Energy specification.)

The certificates and libraries are not interoperable. To support both curves, two sets of certificates, private keys, and CA public keys must be installed.

Note: Zigbee EmberZNet SDK 7.0 introduced a new component-based architecture, along with a Project Configurator and other tools to replace AppBuilder and plugin configuration. In general, the new software components are comparable to the plugins. Unless otherwise specified, the term "component" should be understood to refer to the corresponding plugin, if you are working in SDK 6.10.x or lower. When applicable, instructions for both version 7.0 and higher and 6.10.x and lower are provided. For more information, see AN1301: Transitioning from Zigbee EmberZNet SDK 6.x to SDK 7.x.