Hi Everyone
Let’s say I have an additional server/client that sends a downlink message and is connected to the application server (AS) via some integration e.g. MQTT. I need to send a downlink message which the LoRa end device have to verify it authenticity whether it is coming from the my server/client connected via integration to AS).
Assume that I use HMAC-SHA256 to check the integrity and authenticity of the downlink message. Is it good to share the secret key to be use along with HMAC-SHA256 (for example, share the secret key immediately after a successful join request)?
My question is it necessary/safe to share the secret key by relying on the fact that communication is secured with LoRaWAN generated keys.
The purpose of generating a key is for the device to be able to identify the server. I know this can be achieved with PKI, suppose the end device is very constrained to perform asymmetric operations.
Thank you. Any comment(s) would be highly appreciated.