Jiapeng Li edited this page Oct 19, 2015 · 1 revision

NwkSKey and AppSKey are never sent through the air.

ABP

DevAddr, NwkSKey and AppSKey are predefined and stored in both the node and the server. NwkSKey is used to encrypt the FRMPayload on port 0. AppSKey is used to encrypt the FRMPayload on any port other than 0.

OTAA

DevEUI, AppEUI and AppKey are predefined and stored in both the node and the server.

The JoinRequest message carries DevEUI, AppEUI and DevNonce in a non-encrypted message. The server checks DevEUI and AppEUI to decide whether the device is registered or illegal. If the device is registered, the server sends a JoinAccept message encrypted with the predefined AppKey. The JoinAccept message includes AppNonce, NetId and DevAddr. After the node receives a valid JoinAccept, it derives NwkSKey and AppSKey using AppKey, AppNonce, DevNonce and NetId; the server does the same after the JoinAccept is sent. Once the node has received DevAddr and derived NwkSKey and AppSKey, it behaves almost the same as in ABP mode, except that it needs to monitor the connection to the gateway/server and rejoin when the connection is lost.
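The derivation step described above, as an added example that is not part of the original page or the project's own code. It assumes the LoRaWAN 1.0.x derivation (one AES-128 block encrypted under AppKey, prefix 0x01 for NwkSKey and 0x02 for AppSKey) and fields already in over-the-air byte order; the type and function names and the sample values are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// JoinParams holds what node and server both know once the JoinAccept is valid.
// All fields are in over-the-air (little-endian) byte order (assumption).
type JoinParams struct {
	AppKey          [16]byte
	AppNonce, NetID [3]byte
	DevNonce        [2]byte
}

// deriveKey encrypts a single block under AppKey:
// prefix | AppNonce | NetID | DevNonce | zero padding up to 16 bytes.
func deriveKey(p JoinParams, prefix byte) ([16]byte, error) {
	var in, out [16]byte
	in[0] = prefix
	copy(in[1:4], p.AppNonce[:])
	copy(in[4:7], p.NetID[:])
	copy(in[7:9], p.DevNonce[:])
	c, err := aes.NewCipher(p.AppKey[:])
	if err != nil {
		return out, err
	}
	c.Encrypt(out[:], in[:])
	return out, nil
}

// DeriveSessionKeys returns NwkSKey (prefix 0x01) and AppSKey (prefix 0x02).
func DeriveSessionKeys(p JoinParams) (nwkSKey, appSKey [16]byte, err error) {
	if nwkSKey, err = deriveKey(p, 0x01); err != nil {
		return
	}
	appSKey, err = deriveKey(p, 0x02)
	return
}

// sampleParams returns constructed values, not taken from any real network.
func sampleParams() JoinParams {
	return JoinParams{AppKey: [16]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
		AppNonce: [3]byte{0xa1, 0xa2, 0xa3}, NetID: [3]byte{0x13, 0, 0}, DevNonce: [2]byte{0xd1, 0xd2}}
}

func main() {
	nwk, app, _ := DeriveSessionKeys(sampleParams())
	fmt.Printf("NwkSKey %x\nAppSKey %x\n", nwk, app)
}
```

Node and server run the same function on the same inputs, which is why the session keys never need to be transmitted; only the nonces, NetId and DevAddr cross the air.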

Please check the LoRaWAN specification for the difference between AppSKey and AppKey.

AppNonce

AppNonce is a one-time key (key seed) that enhances LoRaWAN security. It means attackers can't record and resend a JoinRequest to attack the LoRaWAN network.