Encryption and downlink guidelines

I am in the process of building a remote controlled device that I need to send data down to once a day.

So far my idea is to do one uplink where the network responds with a key that I have generated for encryption, after getting this key use it to encrypt data from the device and do an hourly checkin. I would only need to do one more downlink message to confirm when the device should switch on and for how long.

Now I have 2 questions, first is that there is a downlink restriction on size, so the key I was planning on using woulld be too large, RSA, secondly, is this standard practice to get a ‘public’ key to do on device encryption or would one rather program this key into the device on production? Or thinking of it another way, is encryption on the device even needed?

Just to be sure: you know that the LoRaWAN specifications define encryption of the LoRaWAN application payload? (Although that’s not 100% correct in LoRaWAN 1.0.2, so you need to trust the network provider.)

As for the size: downlinks have the same size limitations as uplinks. See the LoRaWAN regional parameters for your region for the numbers, though some networks and libraries only support smaller messages. And the Fair Access Policy limits the number of downlinks to 10 per day. See Limitations: data rate, packet size, 30 seconds uplink and 10 messages downlink per day Fair Access Policy.

So what you are saying is, if I understood that thread and the documents correct, the data is encrypted on the device using the session keys, so no data is transmitted in the clear?

Because if this is the case, that would mean that my only downlink messages would be tiny 4 byte messages which would be perfectly acceptable?