My KNX integration was working without any issues - but a couple of weeks ago (~3-5) I started to get the following message "knx data secure-telegramme können nicht entschlüsselt werden" (KNX Data Secure telegrams cannot be decrypted). Most of my KNX devices do not support KNX data secure - only my IP Router, my line couplers, and three motion detectors do. What has changed in the KNX integration or HomeAssistant, which could have caused this?
Hi 
!
It now reports this if any configured (for an entity) GA receives a secure (or non-secure if it is configured secure) telegram. Previously to 2025.12 (irrc) these would only log some debug message.
You can have a look at the group monitor for the GA to see if you can find the invalid telegram. The repair issue will list all GAs where this happened.
Clicking on the error message I get "Telegrams sent to group addresses used in Home Assistant could not be decrypted because the Data Secure keys are missing or invalid:" together with a long list of group addresses. None of those group addresses are on the main line. And I found that all of the group addresses on the list had the security setting "off" - I now changed them to "automatic" - but still the same I updated the keys - no effect. And, by the way, none of the devices mentioned in the list in HomeAssistant supports data secure.
Search one of them in HAs group monitor.
If you can't find anything, increase the logged telegrams (Knx integration options) and wait until the issue reappears (it should be gone after updating the key file).
This is about group addresses, not about devices. Any device or software can send to every group address.
And is there another telegram, a DataSecure one, for the same GA too?
No. Only non-secure ones appear in the monitor - but at the same time the non-secure one appeared in the monitor it also appeared in the error list.
I just tried sending from Home Assistent to the same address. Home Assistant tried sending it secure - but the light was not switched on.
I found my error - I exported the keychain from ETS security, but I should have exported and imported the interface information. Unfortunately, HomeAssistant asked for a keychain and not for the interface information.
1 Like
Great!
HA can use both, a keyfile with all or just one interface. There have been bugs in ETS with exporting these files, adding keys to not-anymore-secure GAs.
Anyway, if you have exported only a single interface, only this will be used for connection. So that's probably what most users want.