11
The following picture shows the Multicast network session key, the Multicast application session key, and the McKey of the nodes that I set myself. However, even after the settings were completed, multicast communication still couldn't be carried out after Time2SessionStart. I would like to know if there are any requirements for the setting of these three keys?
Please note that the MCKey is used to derrive the Multicast McNwkSKey / McAppSKey. Therefore, at the ChirpStack side when creating the multicast-group, you only have to configure the Multicast McNwkSKey / McAppSkey.
Using the Remote Multicast Setup protocol (I assume that is what you are using to make the device aware about the multicast-session), you send the (encrypted) MCKey to the device. The device will use this key to then derrive the Multicast McNwkSKey / McAppSKey using the following scheme:
I have a followup question to this answer. It is entirely possible that I misunderstanding something obvious here, and if so, I apologize in advance.
I understand that McKey is used to derive McNwkSKey and McAppSKey. However, the server has to tell the end device McKey_encrypted in a McGroupSetupReq command, right? How does the server figure out what McKey_encrypted is for this command? On the ChirpStack side, we only tell it McNwkSKey/McAppSKey, and it is not clear to me how one can derive McKey_encrypted given that information without brute forcing it.
The McKey_encrypted is part of the Remote Multicast Setup spec, which is an application-layer protocol. Adding a device to a multicast-group in ChirpStack does not trigger this command, you must sent it yourself. Only in case of FUOTA does ChirpStack send this. I assume in your case, you need to send this command yourself.
