• State Verified Answer
  • Replies 8 replies
  • Subscribers 66 subscribers
  • Views 1517 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 309396
Options

How does Identity Resolving Key work? Why does LESC only work when IRK is set to true(zephyr)?

BenSiso

We are using PC-BLE-DRIVER-JS for our central and zephyr in our peripheral  (833).
The central bonded with the peripheral only when the id (IRK) param in our central is set to true.
If IRK set to false the central will not bond with the peripheral.

Only on zephyr we needed to set it to true, on NRF52 we didnt need to set it.

How does IRK work? Why must it be set to enable bonding sec parameters?

code snap(from our central, on authenticate method):

:

    const secParamsCentral: SecurityParameters = {
      bond: true,
      mitm: true,
      lesc: true,
      keypress: false,
      // eslint-disable-next-line camelcase
      io_caps: this.adapter.driver.BLE_GAP_IO_CAPS_KEYBOARD_ONLY,
      oob: false,
      // eslint-disable-next-line camelcase
      min_key_size: 7,
      // eslint-disable-next-line camelcase
      max_key_size: 16,
      // eslint-disable-next-line camelcase
      kdist_own: {
        enc: true /** Long Term Key and Master Identification. */,
        id: true /** Identity Resolving Key and Identity Address Information. */,
        sign: false /** Connection Signature Resolving Key. */,
        link: false /** Derive the Link Key from the LTK. */,
      },
      // eslint-disable-next-line camelcase
      kdist_peer: {
        enc: true /** Long Term Key and Master Identification. */,
        id: true /** Identity Resolving Key and Identity Address Information. */,
        sign: false /** Connection Signature Resolving Key. */,
        link: false /** Derive the Link Key from the LTK. */,
      },
    };

Parents
  • +1

    Hi

    Just to make sure, you still want to have privacy and do bonding, just without the IRK, correct? LESC pairing/bonding requires IRK to work, as this is a step of the privacy/encryption used in our Bluetooth controller stacks.

    You can do pairing without IRKs, but that would be restricty to the JUST_WORKS pairing, see \ncs\v2.4.0\zephyr\subsys\bluetooth\host\smp.c for info on how to use this pairing method. Note that CONFIG_BT_SMP_SC_PAIR_ONLY and CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY must not be set in your project config to use JUST_WORKS pairing.

    Best regards,

    Simon

  • 0 in reply to Simonr

    I am a bit confused, We used to work with NRF5 on our peripheral(before zephyr) and we didnt need to set our central(typescript) IRK (id=false, on ble adapter, pcb-ble-driver-js) and they(our central with our peripheral) successfully bonded with each other(LESC with ltk).

    Does it mean it(IRK) wasn't mandatory on NRF5?
    thank you,

    Ben 

Reply Children
No Data
Related