First: I assume that I encrypt the entire frame (including start byte and checksum). Is that correct?
Second: I have the Tx nonce value and I’m trying to understand the correct way to use it in the AES CTR mode encryptor. My current understanding is that it’s a 16-length byte array where the first 12 bytes are the nonce and the remaining 4 bytes are the zero-padded integer, i.e.
XBee3 Pro Manual, page 315: “Upon completion of M2 verification, the session key has been determined to be correct and the API service is unlocked and will allow additional API frames to be used. Content from this point will be encrypted using AES-256-CTR with the following parameters…”