Encryption
The data payload of the Shelly BLU devices can be encrypted.
According to BTHome speciffications, BTHome encryption Shelly BLU devices use AES encryption (CCM mode) using a pin code, given by the user. When encrypted, the data can only be read by knowing the encryption key.
The encryption key can be obtained by reading it from the device (pairing is required).
Encryption is activated by writting a 6 digit code to the Passkey charackteristic. Decryption is only possible with factory reset.
After device is encrypted, further connection to it will require the pin code.
| Characteristic | UUID | Type | Length | Properties | Function |
|---|---|---|---|---|---|
| Factory reset | b0a7e40f-2b87-49db-801c-eb3686a24bdb | byte | 1 | Write bonded, write without response bonded | Write 1 to restore factory settings |
| Passkey | 0ffb7104-860c-49ae-8989-1f946d5f6c03 | byte | 4 | Write bonded, write without response bonded | User defined passkey for bonding and encryption (0-999999). Little endian encoded |
| Encryption key | eb0fb41b-af4b-4724-a6f9-974f55aba81a | byte | 16 | Read bonded | AES CCM encryption key (randomly generated on each change of the current passkey) |