LoRaWAN DevEUI, AppEUI and AppKey

Question

I'm trying to understand the three magic LoRaWAN IDs from the LoRaWAN 1.2 specification. My understanding is:

• DevEUI is like a MAC address
• AppKey is like a public key (roughly...)
• AppEUI is like a port number

Now I'm having problem understanding who is responsible for creating these IDs:

• DevEUI can be generated from the LoRa chip internal ID registers (I'm using Murata's type ABZ chip)
• AppKey: should it be unique for each end node? Should I choose a random one or ask one from the LoRaWAN provider (e.g. Objenious)?
• AppEUI: should be common to each end node (I guess it should)? Should I choose a random one or ask one from the LoRaWAN provider?

Answer 1

The DevEUI is an ID in the IEEE EUI64 address space used to identify a device. It is supplied by the device manufacturer. A deprecated algorithm exists to convert 48bit MAC addresses to EUI64. For MAC addresses with 6 bytes (e.g. 01 02 03 04 05 06) put ff fe or ff fe in the middle (e.g. 01 02 03 ff fe 04 05 06). This algorithm has been deprecated as it may lead to collisions with other DevEUIs. During over the air activation a DevAddr is assigned to the device. This DevAddr is used in the LoRaWAN protocol afterwards. The DevEUI is sent unencrypted.

The JoinEUI (formerly called AppEUI) is a global application ID in the IEEE EUI64 address space identifying the join server during the over the air activation. For non-private networks it corresponds to a subdomain of joineuis.lora-alliance.org. This server name is used to find the IP address of the join server via DNS. This is described in LoRaWAN™ Back-End Interfaces v1.0.

AppKey is the encryption key used for messages during every over the air activation. After the activation the AppSKey is used. A listener knowing the AppKey can derive the AppSKey. So you want to keep the AppKey secret. Which side of the communication channel creates it is not important. You simply want to be sure that it is random.