• State Not Answered
  • Replies 1 reply
  • Subscribers 67 subscribers
  • Views 19 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 336747
Options

How can I implement PSK pairing for BLE?

GuyYaniv

Hello,

I'm using nRF SDK 2.7.0 and trying to implement PSK type bonding.

From quick ChatGPT search it looks like in past SDK versions there was a way to inject pre shared keys using APIS such as bt_keys_add, bt_keys_get nad bt_keys_create

I see that these APIs are omitted from 2.7.0

What would be the way to inject the keys without the need for pairing using 2.7.0?

Thanks,

Guy.

Parents
  • 0

    Hi Guy,

    Are you asking about using a static/pre shared passkey (the 6 digit number that is used for MITM protection), or to set the LTK and other bonding information? If you want static passkey, that is possible with CONFIG_BT_FIXED_PASSKEY=y and using bt_passkey_set(). However note that a static passkey does not add to security, so if you use this approch, the security of the resulting bond should be consdiered equivalent to just works pairing.

    However, I suspect you want to set all the bonding information, including LTK and peer address (and potentially IRK)? If so, there is no API intended for this use. If you do this in production, one way could be to us a script that generate a hex file with in the settings region that hold the bonding information, and program that. (You could get the starting point of the hex file by bonding and reading back the settings region to get the hex reperesentation of that, so and this is what you manipulate in the script). This is just an idea, though.

Reply
  • 0

    Hi Guy,

    Are you asking about using a static/pre shared passkey (the 6 digit number that is used for MITM protection), or to set the LTK and other bonding information? If you want static passkey, that is possible with CONFIG_BT_FIXED_PASSKEY=y and using bt_passkey_set(). However note that a static passkey does not add to security, so if you use this approch, the security of the resulting bond should be consdiered equivalent to just works pairing.

    However, I suspect you want to set all the bonding information, including LTK and peer address (and potentially IRK)? If so, there is no API intended for this use. If you do this in production, one way could be to us a script that generate a hex file with in the settings region that hold the bonding information, and program that. (You could get the starting point of the hex file by bonding and reading back the settings region to get the hex reperesentation of that, so and this is what you manipulate in the script). This is just an idea, though.

Children
No Data
Related