LoRaWAN 1.0.4 Specification in Depth For End Device Developers

If a separate join server is used, the network server passes the Join Request to that join server to handle the request. If a separate join server is not used, the network server’s own join server component handles the request.

The join server uses the AES 128-bit encryption algorithm to calculate the NwkSKey and the AppSKey. For both keys, the encryption key used is the AppKey which was provided in step 2 (Provision Network Server and Join Server with Keys). The data input to the encryption includes the Join Request DevNonce, a join server nonce (JoinNonce) generated by the join server, and the server’s network identifier (NetID). When generating the NwkSKey, the server also includes a value of 0x01 to differentiate the key from the AppSKey which uses a value of 0x02.

The NwkSKey is provided to the network server by the join server so that it can be used to sign and verify the integrity of messages and encrypt MAC-only data frames.

The AppSKey is provided to the application server by the join server so that it can be used to encrypt and decrypt application data frames.

In order that the end device can derive the exact same keys as the network server, the JoinNonce and NetID are returned to the end device in the next step, the Join Accept. There, the end device will derive the same keys, as described below.