Implementing pairing in nRF52832 in nRF Connect SDK

I want to implement secure connections for a device based on the nRF52832, protected by a PIN/pass key, which I need to be able to configure dynamically, not hardcoded in code.

Could you point me to some examples demonstrating how to achieve pairing and security Level 4? I'm using nRF Connect SDK version 2.6.0 but will upgrade it to version 2.7.0.

One more question is, how does the SDK implement persistence for the bonding information? Do I need to persist it?

BR

  • Thanks for your comment!

    Regarding the central_and_peripheral_hr sample, it did not provide much information for this specific case, but the bluetooth-low-energy-fundamentals lesson did provide more useful insights, especially regarding changes required to prj.conf, advertisements and the reference to settings_store().

    This question [here] mentions another function which is required for achieving Level 4, bt_conn_set_security(conn, BT_SECURITY_L4).

    Now my next steps are (1) I want some characteristics to be available exclusively when pairing has been achieved and exchanges go over an encrypted channel, and (2) I want to set the initial PIN programmatically, not a random value.

    (1) I've added the permissions BT_GATT_PERM_WRITE_ENCRYPT and BT_GATT_PERM_READ_ENCRYPT to those characteristics I want to protect, assuming channel encryption is only available after authentication has been completed. Is this assumption correct? Or do I need to do something else/more?

    (2) How can I set the PIN programmatically?

    BR,

    V. Lorz

  • Hi,

    V.Lorz said:
    (1) I've added the permissions BT_GATT_PERM_WRITE_ENCRYPT and BT_GATT_PERM_READ_ENCRYPT to those characteristics I want to protect, assuming channel encryption is only available after authentication has been completed. Is this assumption correct? Or do I need to do something else/more?

    You are on the correct path here.

    For some additional security you could always have as a criterion that the entire connection is encrypted, i.e. that you demand bonding from the start rather than having only some characteristics encrypted and others not.

    From ...\zephyr\include\zephyr\bluetooth\gatt.h you also have 

        /** @brief Attribute read permission with LE Secure Connection encryption.
         *
         *  If set, requires that LE Secure Connections is used for read access.
         */
        BT_GATT_PERM_READ_LESC = BIT(7),

        /** @brief Attribute write permission with LE Secure Connection encryption.
         *
         *  If set, requires that LE Secure Connections is used for write access.
         */
        BT_GATT_PERM_WRITE_LESC = BIT(8),

    V.Lorz said:
    (2) How can I set the PIN programmatically?

    You can use https://docs.nordicsemi.com/bundle/ncs-latest/page/kconfig/index.html#CONFIG_BT_FIXED_PASSKEY. Do note that this gives you no security and the passkey can be brute-forced with relative ease. Its only "use case" is to ensure that the user and its device are talking to the correct device since both devices have the same key.

    Kind regards,
    Andreas
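
An added example, not part of the thread and not Zephyr's own code: a simplified, stand-alone C model of how the GATT permission bits discussed above relate to link security levels, showing which ATT error an access gets on each kind of link. Assumptions: the ENCRYPT and AUTHEN bit positions mirror Zephyr's gatt.h, the error codes are the ATT values from the Bluetooth Core Specification, and `struct link` and `check_perm()` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BIT(n) (1u << (n))

/* Bit positions as in Zephyr's gatt.h (the LESC pair is quoted in the thread). */
enum {
    PERM_READ_ENCRYPT = BIT(2), PERM_WRITE_ENCRYPT = BIT(3),
    PERM_READ_AUTHEN  = BIT(4), PERM_WRITE_AUTHEN  = BIT(5),
    PERM_READ_LESC    = BIT(7), PERM_WRITE_LESC    = BIT(8),
};

/* ATT error codes (Bluetooth Core Specification). */
enum { ATT_OK = 0x00, ATT_ERR_AUTHENTICATION = 0x05,
       ATT_ERR_INSUFFICIENT_ENCRYPTION = 0x0f };

/* Hypothetical link state: security level 1..4, and whether the link keys
 * were produced by LE Secure Connections pairing. */
struct link { int sec_level; bool sc_keys; };

/* Simplified model of the permission check for one read or write access. */
static int check_perm(const struct link *l, uint16_t perm, bool write)
{
    uint16_t lesc    = write ? PERM_WRITE_LESC    : PERM_READ_LESC;
    uint16_t authen  = write ? PERM_WRITE_AUTHEN  : PERM_READ_AUTHEN;
    uint16_t encrypt = write ? PERM_WRITE_ENCRYPT : PERM_READ_ENCRYPT;

    if ((perm & lesc) && !l->sc_keys)          /* needs LESC-derived keys */
        return ATT_ERR_AUTHENTICATION;
    if ((perm & authen) && l->sec_level < 3)   /* needs MITM-protected pairing */
        return ATT_ERR_AUTHENTICATION;
    if ((perm & encrypt) && l->sec_level < 2)  /* needs any encrypted link */
        return ATT_ERR_INSUFFICIENT_ENCRYPTION;
    return ATT_OK;
}

int main(void)
{
    /* Constructed link states: L1 plain, L2 Just Works, L3 legacy passkey, L4 LESC passkey. */
    const struct link links[] = { {1, false}, {2, false}, {3, false}, {4, true} };
    const uint16_t enc_only = PERM_READ_ENCRYPT;
    const uint16_t strict = PERM_READ_ENCRYPT | PERM_READ_AUTHEN | PERM_READ_LESC;

    for (size_t i = 0; i < sizeof(links) / sizeof(links[0]); i++)
        printf("L%d: ENCRYPT only -> 0x%02x, ENCRYPT|AUTHEN|LESC -> 0x%02x\n",
               links[i].sec_level, (unsigned)check_perm(&links[i], enc_only, false),
               (unsigned)check_perm(&links[i], strict, false));
    return 0;
}
```

In this model an encrypted but unauthenticated link (level 2) satisfies the ENCRYPT bits alone; only the combination with the AUTHEN and LESC bits restricts access to a level 4 link.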
