We’re working on a project, and we are currently looking at NwkSKey and AppSKey. We want to understand fully where these keys are stored and what exactly they are doing.
We have this diagram - inspired by another diagram
We understand NwkSKey as it is securing the integrity of the data and is stored and handled by Network Server. We rely on The Things Network to handle this.
Then we have AppSKey, which as we understand, is responsible of encrypting and decrypting the payload of our data. We are a little confused here, because we’ve read that AppSKey is handled by the application server… but how can we see unencrypted data on our TTN account? We can see true values from our sensors, which means that the data has been decrypted on TTN. Also, we don’t (as we know) decrypt data we retrieve with node-red from our TTN account… and still we manage to see an unecrypted payload.
In Node-Red we have a node, which is retrieving and accessing our data by using an access key, but we don’t think this is the AppSKey, so we don’t understand how we can retrieve true values.
Our question is, where is AppSKey stored and handled? Is it handled by Network Server? Because then it’s not end-to-end secured, and in that case, is it possible to let Node-Red handle the AppSKey?
Maybe this is how the diagram should look: