
Read encrypted DSMR messages

Smart meters in Luxembourg encrypt the DSMR messages on the P1 port. You can request the key from your energy supplier; it will look like 056F9B0CFEDF150E889BEAD52FA7A174 (16 bytes, hexadecimal).

Decrypt messages

To enable decryption you only have to set the key, either as the --enc-key argument or as the SMARTMETER_ENC-KEY environment variable. After a restart, the application automatically decrypts and validates the messages.

If you enable the raw TCP socket, you can use this application just for decrypting the messages and forwarding them to some other application.

Encryption specs

For those interested, the encryption works as follows. The meters use aes-128-gcm encryption, as found in the specification (page 9). Decryption is done by the p1-crypt file.

Needed data:

| What | Docs | Value |
| --- | --- | --- |
| AAD | Additional data (17 bytes) for validation | 3000112233445566778899AABBCCDDEEFF hex, default |
| IV | 96 bits total | system-title (64 bits) + frame counter (32 bits) |
| KEY (request from energy company) | 16 bytes / 128 bits | 056F9B0CFEDF150E889BEAD52FA7A174 hex, fictive key |

Each encrypted message has a sequential number (the frame counter). This value is written in the message itself, so you can use it to parse the data.

Each message (converted to hexadecimal representation) looks like this:


And contains the following data:

| What | Value (sample) | bytes | specs |
| --- | --- | --- | --- |
| Start | db | 1 | hex, static |
| Length of system title | 08 | 1 | hex, static |
| System title (needed for IV) | abcdefabcdef1234 | 8 | 8 bytes / 64 bits (or other if length changes) |
| Number of bytes that follow | 000236 | ? (use delimiter) | 17 + length of data |
| Delimiter | 30 | 1 | hex, static |
| Unknown value | 82 | 1 | hex |
| Frame counter (needed for IV) | 00000a | 3 | 3 bytes / 24 bits |
| Data :tada: | ... | (see length above) | computed number of bytes |
| GCM tag | 9313c500c1751a5055f02d9d | (max) 12 | 12 bytes / 96 bits |
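
The GCM step described by the two tables above, as an added example that is not the project's p1-crypt code. It assumes the system title, frame counter, ciphertext and tag have already been split out of the frame, and that the frame counter enters the IV as a 32-bit big-endian value; the function names and the sample telegram are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Values from the page: fictive key, default AAD (17 bytes), 12-byte GCM tag.
const KEY = Buffer.from('056F9B0CFEDF150E889BEAD52FA7A174', 'hex');
const AAD = Buffer.from('3000112233445566778899AABBCCDDEEFF', 'hex');
const TAG_LENGTH = 12;

// IV (96 bits) = system title (64 bits) + frame counter (32 bits).
// Assumption: the counter is encoded big-endian.
function buildIv(systemTitle, frameCounter) {
  if (systemTitle.length !== 8) throw new RangeError('system title must be 8 bytes');
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(frameCounter);
  return Buffer.concat([systemTitle, counter]);
}

// Decrypts one message; final() throws when the tag does not validate.
function decryptTelegram(key, systemTitle, frameCounter, ciphertext, tag) {
  if (key.length !== 16 || tag.length !== TAG_LENGTH) throw new RangeError('bad key or tag length');
  const iv = buildIv(systemTitle, frameCounter);
  const decipher = crypto.createDecipheriv('aes-128-gcm', key, iv, { authTagLength: TAG_LENGTH });
  decipher.setAAD(AAD);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('ascii');
}

// Meter side, only here to construct sample input for the example.
function encryptTelegram(key, systemTitle, frameCounter, telegram) {
  const iv = buildIv(systemTitle, frameCounter);
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv, { authTagLength: TAG_LENGTH });
  cipher.setAAD(AAD);
  const ciphertext = Buffer.concat([cipher.update(telegram, 'ascii'), cipher.final()]);
  return { ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when validation fails (never unauthenticated data).
function tryDecrypt(key, systemTitle, frameCounter, ciphertext, tag) {
  try {
    return decryptTelegram(key, systemTitle, frameCounter, ciphertext, tag);
  } catch (err) {
    return null;
  }
}

// Constructed sample: system title taken from the page's table, made-up telegram.
const SYSTEM_TITLE = Buffer.from('abcdefabcdef1234', 'hex');
const TELEGRAM = '/XXX5 constructed sample\r\n1-0:1.8.0(000123.456*kWh)\r\n!\r\n';
const sealed = encryptTelegram(KEY, SYSTEM_TITLE, 10, TELEGRAM);
console.log(tryDecrypt(KEY, SYSTEM_TITLE, 10, sealed.ciphertext, sealed.tag));
console.log(tryDecrypt(KEY, SYSTEM_TITLE, 11, sealed.ciphertext, sealed.tag)); // wrong counter
```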