BLE Encryption without any

Well... what i ment is that i want to know whether there is a way for slave to encrypt a link by using ediv and rand from a master through sd_ble_gap_encrypt() or not.

According to the Bluetooth Specification: "If at least one authentication has been performed, encryption may be used". So no, this is not possible. The reason for this is that ediv and rand (along with the other keys) are distributed during the pairing process (specifically phase 3, Key Distribution).

Have a look at the Core Specification Version 5.0, Vol 3, Part H, Section 2.4. It covers the details of pairing and encryption.

The only workaround is if the two devices were bonded (i.e. if the devices were previously paired, and the keys distributed have been stored by the slave). The previously distributed keys can then be used to encrypt the connection.

Thank you for your reply.

Firstly let me check the specification that you mentioned about. I'll let you know if i have a further question.

The peripheral/slave cannot initiate the encryption procedure, it cannot call sd_ble_gap_encrypt().

It can only call sd_ble_gap_authenticate(), and then it is up to the central device to initiate the procedure and encrypt the link (if the devices have a bond).

Thank you for reply.

Whst about the role of the central ? Is it possible to call sd_ble_gap_encrypt () without calling any pairing API functions or bonding API function in the role of central in nRF52 DK just for test purpose ?