Data format 8 (Encrypted environmental)
Lifecycle: Proposal
Last updated
Lifecycle: Proposal
Last updated
This is a proposed encrypted data format which is not yet implemented in Ruuvi devices outside of a few proof-of-concept projects
The encryption uses nRF52-builtin AES128 encryption in Elctronic Codebook (ECB) mode. Data to be encrypted is temprature, humidity, pressure, voltage, TX power, measurement count and movement counts. The measurement sequence counter protects against replay attacks. All measurements where encrypted data and nonce are equal can be considred duplicates.
Data format has an unencrypted header, 16 bytes of AES-128 encrypted data, 1 byte nonce and 6 bytes long MAC address for iOS devices.
The encryption key is formed from 64-bit tag ID, 8 bit encryption nonce and a static password with length of 16 bytes by appending nonce to ID and XORing the 9 bytes with 9 first bytes of password
If a value cannot be determined for any reason, a special invalid value is sent. For unsigned values the invalid value is largest presentable number, for example 0xFFFF and for signed values the invalud value is smallest presentable number, for example 0x8000. Invalid values should be treated as NULL, NAN, NONE or similar by the parser.
Unencrypted binary:
Encryption key:
Encrypted data: 0x43825B56324FE019C4BD4D6D3CECAC6E
Complete message:
Offset
Allowed values
Description
0
8
Data format.
1-2
-32767 ... 32767
Temperature in 0.005 degrees.
3-4
0 ... 40 000
Humidity (16bit unsigned) in 0.0025% (0-163.83% range, though realistically 0-100%).
5-6
0 ... 65534
Pressure (16bit unsigned) in 1 Pa units, with offset of -50 000 Pa.
7-8
0 ... 2046, 0 ... 30
Power info (11+5bit unsigned), first 11 bits is the battery voltage above 1.6V, in millivolts (1.6V to 3.646V range). Last 5 bits unsigned are the TX power above -40dBm, in 2dBm steps. (-40dBm to +20dBm range).
9-10
0 ... 65534
Movement counter (16 bit unsigned), incremented by motion detection interrupts from accelerometer
11-12
0 ... 65534
Measurement sequence number (16 bit unsigned), each time a measurement is taken, this is incremented by one, used for measurement de-duplication. Depending on the transmit interval, multiple packets with the same measurements can be sent, and there may be measurements that never were sent.
13-16
Any
Reserved for future use.
17
0 ... 255
CRC8, used to check for correct decryption.
18-23
Any valid MAC
48bit MAC address.
Data
Value
Temperature
24.58 C
Humidity
40.54 RH-%
Pressure
100453 Pa
Battery
2.765 V
TX Power
+4 dBm
Movement
15
Measurement
6353
Reserved
0
Checksum
MAC
0xAABBCCDDEEFF
Keys
Binary
ID
0x0011223344556677
Password
0x5275757669636f6d5275757669546167 "RuuvicomRuuviTag"
DF
T
H
P
B+TX
C
M
R
CH
MAC
08
1334
3F58
C515
48E6
000F
18D1
000000E0
1C
AABBCCDDEEDD
Component
Binary
ID
00 11 22 33 44 55 66 77
password
52 75 75 76 69 63 6f 6d 52 75 75 76 69 54 61 67
Result
52 64 57 45 2d 36 09 1a 52 75 75 76 69 54 61 67
DF
T
H
P
B+TX
C
M
R
CH
MAC
08
4382
5B56
324F
E019
C4BD
4D6D
3CECAC6E
1C
AABBCCDDEEDD