Changing the current authentication key – Echelon OpenLDV User Manual

112

Extending xDriver

unique, 32-character hexadecimal string representing the 128-bit MD5 key that

is used by the RNI.
The xDriver lookup interface includes the SetNextAuthenticationKey()

method, which fills the next authentication key to be used by the RNI into the

SCO. If no change the authentication key used by the RNI is desired, the next

authentication key must be the same as the current authentication key. This

field must be filled in immediately after the current authentication key is filled

in.
After these SCO fields are filled in, the xDriver protocol engine generates a 128-

bit digest based on the current authentication key; this digest is sent as part of

every message to the RNI at the other end of the connection. The digest is

extracted by the RNI and compared to a digest produced by the authentication

key configured into the RNI. If the two digests match, then the two keys must

match and the authentication succeeds.
The current and next authentication keys filled into the SCO must match the

authentication key configured into the RNI. You can fill in an authentication key

of all 0s to use the pre-defined, default factory authentication key for the RNI as

the current authentication key. The default factory authentication key is not

secure.

Changing the Current Authentication Key

You can use the SetNextAuthenticationKey method from your lookup

extension component to change the authentication key within an RNI by filling a

next authentication key into the SCO that is different from the current

authentication key. This method initiates an incremental change to the

authentication key that is configured into the RNI, so that it will end up with the

key specified as the Next Authentication Key as its authentication key.
After this change is complete, xDriver calls the UpdateLookup method in the

lookup extension component to acknowledge the change to the RNI’s

authentication key. The lookup extension component muts implement an update

to the database from the UpdateLookup method, so that the new current value

of the authentication key is recorded in the database, and the current

authentication key in the database matches the key in the RNI. The current and

next authentication keys must always be stored in the database, and can only be

updated when the UpdateLookup method is called.
Table 36 on page 113 describes the flow of events that occurs when the next

authentication key field is used to update the authentication key of an RNI. In

this example, the lookup extension fills different MD5 authentication keys into

the current authentication key and next authentication key fields into the SCO.

The table uses a sample authentication key (such as ABCD) that does not use the

required format.