Skip to main content

Migration key

Usage

A migration key should be only used in situations where using an initialization key is impractical.

The initialization key embedding inside the device can be carried out, for example, during its testing phase. Obviously, this operation cannot be performed for devices that are already manufactured and deployed in the field.

In these cases, a key exchange method can be leveraged to convert an existing key already present in the device (called migration key) into an initialization key.

If a known unique key is not already present on the device, it can be provided with a firmware update. This intermediate step can be used only a limited (and configurable) number of times, after which the migration key will be marked as invalid.

Migration key reuse

It is strongly recommended to limit the number of times the same migration key can be used to retrieve the corresponding initialization key: by default, this limit is set to 1.

The key exchange request will return an initialization key that must be stored and used to download configurations. At this point, the migration key can either be invalidated or retained to allow further key exchanges, depending on the usage limit set.

DeviceConnhex Remote InitConnhex Remote Init Migration Key DBConnhex Remote Init Configs DBContinue as in Initialization key procedureread migration key1config request2get migration key3device migration key4validate migration key5get init key6device init key7device init key8store init key9DeviceConnhex Remote InitConnhex Remote Init Migration Key DBConnhex Remote Init Configs DB