Clarification on effects of CONFIG_BT_BONDING_REQUIRED=y

Hello,

I am currently experimenting with bonding and I stumbled over the config CONFIG_BT_BONDING_REQUIRED.

Currently the BLE characteristics of my peripheral do not require authentication. However, I would like generally encrypted communication. On Android I could request bonding on the central side. However, on iOS this does not seem to be possible, and a bond can only be created if a characteristic requires authentication.

However, there is the CONFIG_BT_BONDING_REQUIRED configuration. From the name and description I would understand that a bond will be created automatically after connecting a central to my peripheral.

I tried this together with the Android nRF Connect app and my peripheral currently running with NCS v2.8. However, if CONFIG_BT_BONDING_REQUIRED=y I do not see any change when connecting or reading/writing to my peripheral. No bonding is requested.

Are there any further settings to be set besides the configurations?

Thanks.

 

  • Hi, 

    I see the confusion with the naming of this config. This config does not automatically initiate a bonding by itself. It just says to the central device that it must include a bonding flag in its pairing request. If the central requests pairing without a bonding flag, then the peripheral would reject the pairing request when this config is set.

    What you actually need is to define your characteristics with the Encrypt flag, or AUTHEN if you want to have MITM support, something like this:

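    /* Attribute entry inside BT_GATT_SERVICE_DEFINE(...) */
    BT_GATT_CHARACTERISTIC(BT_UUID_CUSTOM,
        BT_GATT_CHRC_READ | BT_GATT_CHRC_WRITE,
        /* Requires an encrypted link. For MITM protection use
         * BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN instead. */
        BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_WRITE_ENCRYPT,
        read_func, write_func, NULL)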

    I do not think there is any config that does this automatically for you.

    And/Or

    You can set the security level on the connection, something like this, to have only encrypted data exchange:

    static void on_connected(struct bt_conn *conn, uint8_t err)
    {
        if (!err) {
            int rc = bt_conn_set_security(conn, BT_SECURITY_L2); // or L3/L4
            if (rc) {
                printk("Failed to set security: %d\n", rc);
            }
        }
    }
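
A simplified model of the two checks described in the answer above, as an added example that is not part of the original thread and not Zephyr or NCS source code. The enum and function names are hypothetical, the Pairing Request layout and AuthReq bonding bits follow the Bluetooth Core specification, and the sample PDUs are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* SMP Pairing Request opcode and AuthReq Bonding_Flags (bits 0-1). */
#define SMP_PAIRING_REQ    0x01
#define SMP_AUTH_BOND_MASK 0x03
#define SMP_AUTH_BONDING   0x01

/* Hypothetical model types, not Zephyr definitions. */
enum link_sec { SEC_L1 = 1, SEC_L2, SEC_L3 }; /* open / encrypted / encrypted + MITM */
enum perm     { PERM_NONE, PERM_ENCRYPT, PERM_AUTHEN };
enum access   { ACCESS_OK, NEED_ENCRYPTION, NEED_AUTHENTICATION };

/* Gate 1: the bonding-required behaviour described in the answer. It only
 * judges a Pairing Request the central chose to send; it never starts one. */
bool accept_pairing_req(const uint8_t *pdu, size_t len, bool bonding_required)
{
    if (len != 7 || pdu[0] != SMP_PAIRING_REQ) {
        return false; /* malformed or not a Pairing Request */
    }
    if (bonding_required && (pdu[3] & SMP_AUTH_BOND_MASK) != SMP_AUTH_BONDING) {
        return false; /* central did not set the bonding flag */
    }
    return true;
}

/* Gate 2: attribute permissions. A refused access is the cue for the
 * central to start pairing; an open attribute never produces that cue. */
enum access check_access(enum perm p, enum link_sec sec)
{
    if (p == PERM_AUTHEN && sec < SEC_L3) {
        return NEED_AUTHENTICATION;
    }
    if (p == PERM_ENCRYPT && sec < SEC_L2) {
        return NEED_ENCRYPTION;
    }
    return ACCESS_OK;
}

/* Constructed samples: code, IO cap, OOB, AuthReq, key size, key dist x2 */
const uint8_t REQ_BOND[7]   = { 0x01, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01 };
const uint8_t REQ_NOBOND[7] = { 0x01, 0x03, 0x00, 0x00, 0x10, 0x00, 0x00 };

int main(void)
{
    /* Open attribute on an open link succeeds, so no pairing is triggered. */
    return check_access(PERM_NONE, SEC_L1) == ACCESS_OK ? 0 : 1;
}
```

With `PERM_NONE` every access succeeds at `SEC_L1`, so gate 1 is never reached, which matches the behaviour reported in the question.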
    
