
Time to understand read/write, read_perm/write_perm, rd_auth/wr_auth

Even though I am writing BLE applications, I don't totally understand these items:

In the Characteristic Properties of the GATT Characteristic metadata, we have read, write, notify, indicate, etc. I "think" I understand most of them.

In the Characteristic Value Attribute, we have attribute metadata with read_perm/write_perm and rd_auth/wr_auth.

When do we need to use read_perm/write_perm and rd_auth/wr_auth, and what is the difference between "perm" and "auth"?

Thanks

  • Adding my own finding here:

    If I set the read_perm to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM, then when the master sends a read request to the slave, the slave will respond with Insufficient Authentication.

    If I set rd_auth to 1, the master won't get the "insufficient authentication" error code from the slave, but won't get the reading either.

    So either auth or perm will stop the master from reading the characteristic value, but if read_perm is set to encrypted, the master will get the error message "insufficient authentication".

  • You have attribute permissions and characteristic properties.

    Attribute permissions are described in Vol. 3, Part F, Section 3.2.5, and Characteristic properties are described in Vol. 3, Part G, Section 3.3.1.1 in the Bluetooth Core Specification v4.2.

    The characteristic properties determine how the characteristic value can be used; this information is given to the GATT client as a reference. So you tell the client if the characteristic value can be notified, read, written and so on.

    The attribute permissions specify if an attribute can be read/written at all, if it can be read/written if the link is encrypted, if it can be read/written if the link is authenticated, and if it requires authorization to be read/written. The attribute permissions are not given to the GATT client.

    So if you try to read an attribute that can't be read, you should get "Read Not Permitted"; if you try to read an attribute that requires encryption on a link that is not encrypted, you should get "Insufficient Encryption", and so on.

    All attribute values have permissions (service declaration, characteristic declaration, characteristic value declaration, ...), but for some of these the permissions are specified by the spec, so the SoftDevice doesn't allow you to change them. For example, the service declaration shall be read only, and require no authentication or authorization. But the permissions for the attribute value of the characteristic value declaration can be modified.
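
The difference between "perm" and "auth" discussed in this thread can be modelled as a single server-side decision; the sketch below is an added example, not part of any post above and not SoftDevice code, and every type and function name in it is hypothetical. It assumes the Core Specification rule that an unencrypted link yields Insufficient Authentication when no key exists and Insufficient Encryption when one does, and it assumes the link security check runs before the authorization step.

```c
#include <stdbool.h>
#include <stdio.h>

/* ATT error codes from the Bluetooth Core Specification (Vol. 3, Part F). */
enum { ATT_OK = 0x00, ATT_ERR_READ_NOT_PERMITTED = 0x02,
       ATT_ERR_INSUF_AUTHENTICATION = 0x05, ATT_ERR_INSUF_ENCRYPTION = 0x0F,
       ASK_APPLICATION = 0x100 /* model-only: stack defers to the application */ };

/* Security required by the attribute, or reached by the link (hypothetical type). */
typedef enum { SEC_NO_ACCESS, SEC_OPEN, SEC_ENC_NO_MITM, SEC_ENC_WITH_MITM } sec_level_t;

typedef struct {
    sec_level_t read_perm; /* enforced by the stack, never sent to the client */
    bool        rd_auth;   /* true: the application must approve each read */
} attr_md_t;

typedef struct {
    sec_level_t level;     /* SEC_OPEN means the link is not encrypted */
    bool        has_key;   /* a key from an earlier pairing is available */
} link_t;

/* Decide how the server answers a read request on this link. */
int check_read(const attr_md_t *md, const link_t *link)
{
    if (md->read_perm == SEC_NO_ACCESS)
        return ATT_ERR_READ_NOT_PERMITTED;

    if (md->read_perm > SEC_OPEN && link->level == SEC_OPEN)
        /* Not encrypted: the error depends on whether a key already exists. */
        return link->has_key ? ATT_ERR_INSUF_ENCRYPTION
                             : ATT_ERR_INSUF_AUTHENTICATION;

    if (md->read_perm > link->level)
        /* Encrypted, but only with an unauthenticated (no-MITM) key. */
        return ATT_ERR_INSUF_AUTHENTICATION;

    /* Link security is sufficient; authorization is a separate, per-request step. */
    return md->rd_auth ? ASK_APPLICATION : ATT_OK;
}

int main(void)
{
    attr_md_t enc = { SEC_ENC_NO_MITM, false }, auth = { SEC_OPEN, true };
    link_t plain = { SEC_OPEN, false }; /* constructed: unpaired, unencrypted link */
    printf("read_perm=ENC_NO_MITM on plain link -> 0x%02X\n", check_read(&enc, &plain));
    printf("rd_auth=1 on plain link -> 0x%03X (ask application)\n", check_read(&auth, &plain));
    return 0;
}
```

In the SoftDevice, the "ask application" outcome corresponds to a BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST event that the application answers with sd_ble_gatts_rw_authorize_reply; until it does, the client receives neither a value nor an error.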
