Picking an encryption for just works mode with rolling counter

Hello,

We have AES CTR sample  https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/crypto/aes_ctr/README.html which shows how to perform AES encryption and decryption using the CTR block cipher shows mode without padding and a 128-bit AES key. 

To know about authenticated encryption and decryption, you also can look at AES CCM sample. It uses 128-bit key, additional data and a random nonce (https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/crypto/aes_ccm/README.html)

Thanks.

BR

Kazi

''just works mode'' ..does it mean there is built in encryption function?

Sorry, I should have added I'm using the nRF5 SDK 17.1.0, not nrf_connect_sdk. So I'm not sure if what you've added is applicable, although I do see examples on AES CTR and CCM for the nRF52833/ SDK17.1.0.

What I want to know is if there is already an inbuilt mechanism for changing the encrypted text for the same message.

In terms of the just works mode, I mean I have an open service/characteristic operating in just works mode, which isn't encrypted. Which is why I need to manually add the encryption. If I just use an encryption that doesn't change the encrypted text, anyone can sniff the packets and send the encrypted text, which is why I want it to change.

Sorry, I should have added I'm using the nRF5 SDK 17.1.0, not nrf_connect_sdk. So I'm not sure if what you've added is applicable, although I do see examples on AES CTR and CCM for the nRF52833/ SDK17.1.0.

What I want to know is if there is already an inbuilt mechanism for changing the encrypted text for the same message.

In terms of the just works mode, I mean I have an open service/characteristic operating in just works mode, which isn't encrypted. Which is why I need to manually add the encryption. If I just use an encryption that doesn't change the encrypted text, anyone can sniff the packets and send the encrypted text, which is why I want it to change.

 It requires some knowledge about cryptography to be implemented correctly.

There are some pitfalls involved in implementing this. Eg. if the AES CTR counter gets out of synch between the BLE nodes, it can make the recovery of the plaintext fail. So, we can recommend you try, and use built in encryption in BLE.

However, both AES CBC and AES CTR provides the encryption functionality you need. CCM may be a bit complicated for your goal.