
Key Distribution Explanation

Hi guys,

I've reviewed the documentation showing some example key distribution settings here: https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v15.0.0%2Flib_pm_usage.html and have looked around the forums, but am finding my understanding of when to and not to distribute/receive various keys is still pretty incomplete.

From what I can see in these examples:

  • The id key (Identity Resolving Key) is used when you want to use a private address
  • The enc key (LTK) is used when supporting bonding when keyboard input can't be supplied (seems unlikely the keyboard input becomes the LTK so why is sharing turned off in this example?)
  • OOB pairing doesn't share any keys because the required information is in the OOB, but if I wanted to support other modes as well I'd presumably still have to share keys?
  • I also understand depending on the security mode, there's a different expectation on whether the peripheral or central shares the LTK key?
  • What are the risks if I share a key when I'm not supposed to for my mode of operation, if any?
  • When might I need the sign key, as this isn't discussed anywhere?

Hopefully you can see I'm having to make a lot of assumptions, some of which I'm sure are wrong.

I'd very much appreciate if anyone's able to clarify when each key is supposed to be used and any 'gotchas' I should be aware of.

Many thanks
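The bullets above tie each key to an intent (IRK for private addresses, LTK for bonding, CSRK for signed writes). The following is an added example, not code from the original post or from the nRF5 SDK: a small consistency check that takes the application's intent plus the own/peer key-distribution flags and reports combinations that will not do what was intended. The `kdist_t` struct is a stand-in that reuses the field names of the SoftDevice `ble_gap_sec_kdist_t` (`enc`, `id`, `sign`, `link`) so the code builds without the SDK; in the real SDK these flags live in `ble_gap_sec_params_t::kdist_own` / `kdist_peer` handed to `pm_sec_params_set()`. The `sec_intent_t` struct and the warning codes are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the SoftDevice ble_gap_sec_kdist_t bitfield: same field names,
 * but defined here so this example builds without the nRF5 SDK headers. */
typedef struct {
    unsigned int enc  : 1;  /* LTK (plus EDIV/Rand in legacy pairing) */
    unsigned int id   : 1;  /* IRK and the identity address */
    unsigned int sign : 1;  /* CSRK, only useful for GATT signed writes */
    unsigned int link : 1;  /* derive a BR/EDR link key from the LE LTK (dual-mode only) */
} kdist_t;

/* What the application actually intends to do (constructed for this example). */
typedef struct {
    bool bond;           /* keys are kept across connections */
    bool lesc;           /* LE Secure Connections: LTK is derived on both sides, not distributed */
    bool peer_uses_rpa;  /* peer advertises with a resolvable private address */
    bool we_use_rpa;     /* we use a resolvable private address */
    bool signed_writes;  /* GATT Signed Write Without Response is used by either side */
} sec_intent_t;

/* Warning bits returned by kdist_check() (constructed for this example). */
enum {
    KDIST_WARN_NO_LTK      = 1 << 0,  /* bonding requested but no LTK will be stored */
    KDIST_WARN_NO_PEER_IRK = 1 << 1,  /* bonded peer's RPA cannot be resolved later */
    KDIST_WARN_NO_OWN_IRK  = 1 << 2,  /* bonded peer cannot resolve our RPA later */
    KDIST_WARN_UNUSED_CSRK = 1 << 3,  /* CSRK exchanged but signed writes never used */
    KDIST_WARN_NO_CSRK     = 1 << 4,  /* signed writes intended but no CSRK exchanged */
};

/* Return a bitmask of KDIST_WARN_* for the given intent and distribution flags. */
unsigned kdist_check(sec_intent_t in, kdist_t own, kdist_t peer)
{
    unsigned w = 0;
    if (in.bond) {
        /* Legacy pairing: an LTK only exists if at least one side distributes it.
         * LESC: both sides derive the LTK from the DH key, so the enc bits are
         * not what decides whether an LTK gets stored. */
        if (!in.lesc && !own.enc && !peer.enc) w |= KDIST_WARN_NO_LTK;
        /* Resolving a private address after reconnection needs the other side's IRK. */
        if (in.peer_uses_rpa && !peer.id) w |= KDIST_WARN_NO_PEER_IRK;
        if (in.we_use_rpa && !own.id)     w |= KDIST_WARN_NO_OWN_IRK;
    }
    /* CSRK is only meaningful for signed writes; exchanging it otherwise is dead weight. */
    if (in.signed_writes && !own.sign && !peer.sign)  w |= KDIST_WARN_NO_CSRK;
    if (!in.signed_writes && (own.sign || peer.sign)) w |= KDIST_WARN_UNUSED_CSRK;
    return w;
}

int main(void)
{
    /* Peripheral that bonds with legacy pairing to a phone using a private address. */
    sec_intent_t intent = { .bond = true, .lesc = false, .peer_uses_rpa = true };
    kdist_t own  = { .enc = 1, .id = 0 };   /* we distribute our LTK only */
    kdist_t peer = { .enc = 0, .id = 0 };   /* we ask the phone for nothing */
    unsigned w = kdist_check(intent, own, peer);
    printf("warnings: 0x%x%s\n", w,
           (w & KDIST_WARN_NO_PEER_IRK) ? " (peer IRK missing: cannot recognise the phone later)" : "");
    return 0;
}
```

The check encodes the same reasoning as the bullets: a bond without any LTK source is not a bond, a bonded private-address peer you never received an IRK from will look like a stranger on the next connection, and a CSRK is only worth exchanging if signed writes are actually in use.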
