EXT000E: Encrypted AES-256-CBC
- Extension dependencies: none
- Document status: Testing
Full encryption using AES-256-CBC with a single key buffer for requests and responses. Key exchange is handled by other extensions.
Commands
0018 Send Encrypted Request
Devices supporting this return error 0006 for non-wrapped commands except Handshake, KeepAlive, and encryption setup (e.g., EXT0009).
Request/Response:
<TID> 3900 <LEN> 0018 <PAYLOAD>
PAYLOAD Format
<LEN> <CMD> <DATA> <CHKSUM> <PADDING>

| Field | Length | Description |
|---|---|---|
| LEN | 2 bytes | Length of CMD + DATA |
| CMD | 2 bytes | Command code |
| DATA | variable | Data field |
| CHKSUM | 2 bytes | Byte sum of CMD + DATA |
| PADDING | multiple of 16 | Random bytes (min 128 total PAYLOAD) |

Errors
Decryption error (unencrypted):
<TID> 3900 0004 8018 0010
All other errors are encrypted within PAYLOAD. If the client can’t decrypt the response, it must terminate the connection.
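
The plaintext PAYLOAD layout from the table above, built and validated before encryption and after decryption. This is an added example, not code from the specification. It assumes big-endian 2-byte fields, a CHKSUM truncated to 16 bits, and padding that brings the total PAYLOAD to a multiple of 16 bytes with a minimum of 128; the function names are hypothetical and the AES-256-CBC step itself is left out.

```python
import os
import struct

BLOCK = 16          # AES block size in bytes
MIN_PAYLOAD = 128   # minimum total PAYLOAD length from the table

def byte_sum(data: bytes) -> int:
    # Assumption: the 2-byte CHKSUM is the byte sum truncated to 16 bits.
    return sum(data) & 0xFFFF

def build_payload(cmd: int, data: bytes = b"") -> bytes:
    """Return the plaintext PAYLOAD, ready to be AES-256-CBC encrypted."""
    body = struct.pack(">H", cmd) + data            # CMD + DATA
    if len(body) > 0xFFFF:
        raise ValueError("CMD + DATA does not fit in the 2-byte LEN")
    head = struct.pack(">H", len(body)) + body + struct.pack(">H", byte_sum(body))
    # Assumption: PADDING rounds the total up to a multiple of 16, at least 128.
    total = max(MIN_PAYLOAD, -(-len(head) // BLOCK) * BLOCK)
    return head + os.urandom(total - len(head))     # random PADDING

def parse_payload(payload: bytes) -> tuple[int, bytes]:
    """Validate a decrypted PAYLOAD and return (cmd, data).

    Raises ValueError on any inconsistency. A wrong key yields random-looking
    plaintext that fails these checks, which is the "can't decrypt" case.
    """
    if len(payload) < MIN_PAYLOAD or len(payload) % BLOCK:
        raise ValueError("bad PAYLOAD length")
    (length,) = struct.unpack_from(">H", payload, 0)
    # LEN covers CMD (2 bytes) + DATA; the 2-byte CHKSUM must still fit.
    if length < 2 or 2 + length + 2 > len(payload):
        raise ValueError("LEN out of range")
    body = payload[2:2 + length]
    (chksum,) = struct.unpack_from(">H", payload, 2 + length)
    if chksum != byte_sum(body):
        raise ValueError("CHKSUM mismatch")
    (cmd,) = struct.unpack_from(">H", body, 0)
    return cmd, body[2:]
```

A 16-bit byte sum catches a wrong key or accidental corruption, but it is not a cryptographic integrity check.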