What exactly is AES-128 Encryption?
The configuration packet is encrypted using AES-128 CBC. The packet also contains a MAC for packet validation.
The private key is stored on the beacon and on CMS. A new configuration can be created on phone or on CMS. If it is created on phone, it is sent to CMS for encryption. After the configuration is ready, it is encrypted with the private key and sent to the phone and then transferred to the beacon. If the packet is valid, it is decrypted and new values are applied. If not, the packet is discarded. You need to have a connection between phone and CMS in order to obtain the encrypted version of the config.
Posted in: Firmware