Hi Nordic Team, I am working on a project where I am using an XBee module as the Zigbee coordinator in a centralized network and an nRF52840 (running the ZBOSS stack from the nRF5 SDK for Thread and Zigbee) as a Zigbee router . We have encryption enabled in the network and would like to use a custom TC link key instead of the default ZigBeeAlliance09 key. The XBee coordinator is responsible for managing the network keys and securely authenticating devices. I came across an older post that mentioned the following: The default TC link key ( ZB_STANDARD_TC_KEY ) cannot be changed without recompiling the ZBOSS library. A custom TC link key can only be implemented if using install codes (a Zigbee 3.0 feature). Given that the post is from over three years ago, I’d like to know if there have been any updates or new APIs introduced in ZBOSS to support the configuration of a custom TC link key in a centralized network scenario. Specifically: Is it now possible to configure a custom TC link key via the ZBOSS stack without recompiling? If the XBee coordinator uses a preconfigured custom TC link key, is there an approach to configure the nRF52840 router to work with it? Are there any additional steps or examples that might help with this configuration? Thanks in advance for your help! I’d greatly appreciate any insights or guidance on this topic. Best regards, Julen

Changing TC Link Key with XBee Coordinator and nRF52840 Router in Centralized Zigbee Network

Hi Nordic Team,

I am working on a project where I am using an XBee module as the Zigbee coordinator in a centralized network and an nRF52840 (running the ZBOSS stack from the nRF5 SDK for Thread and Zigbee) as a Zigbee router.

We have encryption enabled in the network and would like to use a custom TC link key instead of the default ZigBeeAlliance09 key. The XBee coordinator is responsible for managing the network keys and securely authenticating devices.

I came across an older post that mentioned the following:

The default TC link key (ZB_STANDARD_TC_KEY) cannot be changed without recompiling the ZBOSS library.
A custom TC link key can only be implemented if using install codes (a Zigbee 3.0 feature).

Given that the post is from over three years ago, I’d like to know if there have been any updates or new APIs introduced in ZBOSS to support the configuration of a custom TC link key in a centralized network scenario. Specifically:

Is it now possible to configure a custom TC link key via the ZBOSS stack without recompiling?
If the XBee coordinator uses a preconfigured custom TC link key, is there an approach to configure the nRF52840 router to work with it?
Are there any additional steps or examples that might help with this configuration?

Thanks in advance for your help! I’d greatly appreciate any insights or guidance on this topic.

Best regards,

Julen

0 jemalkorra 4 months ago

Hi everyone,

I’ve solved the issue! Now, I’ve configured the Zigbee network to use a Distributed Trust Center (TC), which allows me to use different link keys.

As a thought, in a Centralized TC setup, it might be beneficial if Nordic could modify link keys dynamically instead of relying on the hardcoded Zigbee Alliance Key.

Just an idea—curious to hear your thoughts!

Thanks,
Julen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Edvin 4 months ago in reply to jemalkorra

Hello Julen,

Sorry for the late reply!

I'm glad to hear that you found a solution.

I will forward your thoughts to our Zigbee team, but I would like to hear your thoughts on the topic first.

What do you imagine being the application flow? Do you want the key to be decided runtime? Or compile time? Do you know any other devices supporting this, and how do they do it?

Best regards,

Edvin
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jemalkorra 4 months ago in reply to Edvin

Hi Edvin,

No problem, and thanks for getting back to me.

What I want is to have a centralized Trust Center, which in our case will be the XBee coordinator. The idea is to generate the link key dynamically based on some internal information combined with random data. This link key would then be configured through UART, ensuring that all devices share the same PAN ID and link key, with the coordinator acting as the centralized Trust Center.

However, since the link key cannot be changed without distributing the Trust Center, we had to modify the process. I'm not sure if this approach fully aligns with the Zigbee standard, or if there are best practices we might be overlooking. Let me know your thoughts.

Best regards,

Julen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Edvin 4 months ago

Hello Julen,

I understand. It would require the device to be connected via serial to something that will send it the link key though, right? It is a bit unusual, and not the way I would think that standard zigbee devices would work.

I don't know if you are in control of the FW on all the devices in the network, but I would think Install Codes are made for this purpose. When all devices are using the same link key, it means that most zigbee devices will work in all zigbee networks out there, but you can use install codes to decide what devices that are allowed to join, and to make sure that another network doesn't hijack your device.

Most likely, this feature request will not be added in the current R22 Zboss library, but I can add it so that it can be considered for the R23 Zboss library. This will probably only be supported by the nRF54L series, though.

Best regards,

Edvin
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel