Skip to main content

Encryption

The data payload of the Shelly BLU devices can be encrypted.

According to BTHome speciffications, BTHome encryption Shelly BLU devices use AES encryption (CCM mode) using a pin code, given by the user. When encrypted, the data can only be read by knowing the encryption key.

The encryption key can be obtained by reading it from the device (pairing is required).

Encryption is activated by writting a 6 digit code to the Passkey charackteristic. Decryption is only possible with factory reset.

After device is encrypted, further connection to it will require the pin code.

CharacteristicUUIDTypeLengthPropertiesFunction
Factory resetb0a7e40f-2b87-49db-801c-eb3686a24bdbbyte1Write bonded, write without response bondedWrite 1 to restore factory settings
Passkey0ffb7104-860c-49ae-8989-1f946d5f6c03byte4Write bonded, write without response bondedUser defined passkey for bonding and encryption (0-999999). Little endian encoded
Encryption keyeb0fb41b-af4b-4724-a6f9-974f55aba81abyte16Read bondedAES CCM encryption key (randomly generated on each change of the current passkey)