The Z-network - page 5

All Z data transmissions are end-to-end encrypted, of course.

All customers provide or are provided with a default encryption key, called the customerKey.

All Z-devices have, burnt into them at manufacture, their serial number, customer ID, and deviceKey. The deviceKey is randomly generated and specific to that one Z-device.

Encryption of all commands and all data in reply to them is done with either the customer's customerKey, or the device's deviceKey. By default, Z-devices are shipped in the "use customerKey" state.

We can go back and forth between the two keys by sending the device an "enable customerKey" or "enable deviceKey" command. One of the two is always enabled.

If you don't know a device's deviceKey and you send it an "enable deviceKey" command, you have just bricked your device!

The only way to find out a Z-device's deviceKey is to send it a "replyWith deviceKey" command. This command would itself be encrypted with the customerKey, but additionally, will not work unless you have physical possession of the device and can insert a paperclip through a tiny hole (found in all Z-devices), at the moment the command is sent.