ECB key transfer during pairing

Hi, I have a central that is trying to pair with a peripheral. I want this connection to be secure and I want to use ECB for encryption of data. My peripheral does not have a display or a keyboard. What pairing mechanism should I use? I was thinking about using "Just Works". I know this question has been asked many times but I am still confused about this one point. Does the ECB encryption key get transferred to the central during the pairing using Just Works? If not, how should I let the central know what key to use for decryption? Also, is there any documentation which shows how the pairing works exactly?

Thanks.

  • Hi again, so you want to use nRF52 and LE Secure Connections. This uses a proper ECC DH key exchange with static and ephemeral key pairs, which is not possible to crack by passive listening. That's good. However, because there is no link or central certification authority in the ecosystem, you need to "authenticate" that the correct peers talk together. Again, there are different ways to solve it and some basic assumptions needed to even be able to do it. If you have no input or output interface on either device you need to settle for an unauthenticated key exchange, which is vulnerable to a Man-in-the-Middle (MITM) attack - but that would be active, not passive. That's quite OK. For more, read the BT SIG Core specification v4.2 (or v5.0) and study Vol. 3 Part H, Chapter 2 "Security Manager", where all the details are. The final AES key is generated (a pretty complex process) so you don't need to think about it.

  • Hi Endnode, Thank you for your patience :). Can you please elaborate on "Again there are different ways how to solve it and some basic assumptions to be even able to do it." and "The final AES key is generated (pretty complex process) so you don't need to think about it."? I read the SIG core specs but I am still confused about the AES key exchange. When does this happen? After pairing or during pairing? I am planning to use Just Works with LE secure, no I/O, no MITM. I want to use AES ECB to encrypt data.

  • That's the part which confuses me: you say that you want to use LE Secure Connections and then you speak about AES ECB. If you want to use LE SC then stop speaking about AES ECB and stop even thinking about it, because there is no option, just a specification to follow. To the steps: if you look at the Security Manager description (BT SIG Core v4.2, Vol 3, Part H, Chapter 2) you see that pairing is a 3-step process where in the second step the Long Term Key (LTK) is generated and in the third step you use specific Transport Key(s) by using the LTK. Once you are paired you always do only the 3rd step; the LTK stays the same on both sides (you need to keep some sort of database, that's what the "peer manager" module in the Nordic SDK is for, obviously just one example of many ways to manage these). Then in chapter 2.2 you see the full "Cryptographic Toolbox", which tells you all the details about how the LTK is generated in the 2nd step..

  • .. and how the Transport specific key(s) are generated in the 3rd phase from the LTK. You either understand it or not, that's very hard to bypass. If you cannot follow all the details then don't worry, that's most of the world. Just study the Nordic SDK examples and they will show you how all the steps are implemented. You don't need to understand all the details, just the major use case (which you seem to get correctly: use LE Secure Connections without MITM protection with Just Works because you have no real option). Just make sure that all the peers you intend to use support this BT 4.2 pairing method; as far as I know many phones don't support it, so you might need to support the legacy LE pairing method as well.

  • Hi Endnode, Thank you for your inputs and your patience :). I have implemented a system with LE legacy pairing using Just Works and no MITM.
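
The point made in the replies above, that the LTK is derived on each side rather than transferred, can be seen in the f5 key-derivation function from the Security Manager's "Cryptographic Toolbox". The following is an added example, not part of the thread and not Nordic SDK code: a pure-Python f5 built on AES-128 and AES-CMAC. It assumes the DHKey has already been computed by P-256 ECDH on each device, takes all values big-endian as written in the spec, and uses constructed demo inputs.

```python
SALT = bytes.fromhex("6c888391aaf5a53860370bdb5a6083be")  # fixed f5 salt from the spec
xt = lambda a: (a << 1) ^ (0x11B if a & 0x80 else 0)  # multiply by x in GF(2^8)

exp = [1]
for _ in range(254):
    exp.append(exp[-1] ^ xt(exp[-1]))  # powers of 3, a generator of GF(2^8)*
def _sbox(a):  # multiplicative inverse, then the AES affine transform
    x = exp[-exp.index(a) % 255] if a else 0
    y = x | (x << 8)  # right shifts of y give 8-bit left rotations of x
    return (x ^ (y >> 4) ^ (y >> 5) ^ (y >> 6) ^ (y >> 7) ^ 0x63) & 0xFF
SBOX = [_sbox(a) for a in range(256)]

def aes128(key, block):  # one-block AES-128 encryption (the "ECB" primitive)
    w, rc = list(key), 1
    for i in range(16, 176, 4):  # key schedule as a flat list of 176 bytes
        t = w[i - 4:i]
        if i % 16 == 0:  # RotWord, SubWord, round constant
            t, rc = [SBOX[t[1]] ^ rc, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]], xt(rc)
        w += [w[i - 16 + j] ^ t[j] for j in range(4)]
    s = [b ^ k for b, k in zip(block, w)]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:  # MixColumns; col(i, k) is the byte k rows below s[i] in its column
            col = lambda i, k: s[i - i % 4 + (i + k) % 4]
            s = [col(i, 1) ^ col(i, 2) ^ col(i, 3) ^ xt(col(i, 0) ^ col(i, 1)) for i in range(16)]
        s = [b ^ k for b, k in zip(s, w[16 * rnd:])]  # AddRoundKey
    return bytes(s)

def cmac(key, msg):  # AES-CMAC as defined in RFC 4493
    xor = lambda a, b: bytes(p ^ q for p, q in zip(a, b))
    def dbl(b):  # multiply by x in GF(2^128) to derive the subkeys
        n = int.from_bytes(b, "big") << 1
        return (n ^ ((1 << 128 | 0x87) if n >> 128 else 0)).to_bytes(16, "big")
    k1 = dbl(aes128(key, bytes(16)))
    full = len(msg) > 0 and len(msg) % 16 == 0
    m = msg if full else (msg + b"\x80").ljust(len(msg) // 16 * 16 + 16, b"\0")
    x = bytes(16)
    for i in range(0, len(m) - 16, 16):
        x = aes128(key, xor(x, m[i:i + 16]))
    return aes128(key, xor(xor(x, m[-16:]), k1 if full else dbl(k1)))

def f5(dhkey, n1, n2, a1, a2):  # a1/a2 = address type byte + 6 address bytes
    t = cmac(SALT, dhkey)  # T = AES-CMAC keyed with SALT over the shared DHKey
    m = b"btle" + n1 + n2 + a1 + a2 + b"\x01\x00"  # keyID, nonces, addresses, Length = 256
    return cmac(t, b"\x00" + m), cmac(t, b"\x01" + m)  # (MacKey, LTK)

if __name__ == "__main__":  # constructed inputs; a real DHKey comes from P-256 ECDH
    args = bytes(range(32)), b"\x11" * 16, b"\x22" * 16, bytes(7), b"\x00" + b"\x33" * 6
    print("LTK each side computes locally:", f5(*args)[1].hex())
```

Every input to f5 other than the DHKey (nonces and addresses) is visible on the air, and the DHKey itself is computed independently by each device, so the resulting LTK never appears in any pairing message.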