This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

encryption and decryption of advertising data

Naralasetty Praneeth over 5 years ago

Hii nordic;

I need to encrypt and decrypt my advertising data i.e;UUID,Major,Minor,etc.; of my nrf52832

So it cannot be seen by third parties

my sdk version is 15.2 and softdevice is 132

Top Replies

bjorn-spockeli over 5 years ago in reply to shivali singh +1

Hi Naralasetty and Shivali, I apologize for the very late reply. I have modified the decryption_central project's main.c file to extract the nounce from the scan response packet and extract the beacon…
kathleenlai over 4 years ago in reply to bjorn-spockeli +1

Hi Bjorn, would like to know what's the different calling ctr_encrypt(m_beacon_info); ctr_encrypt(&m_beacon_info[16]); we necessary have to do this twice to encrypt ? Thank you. Regards, Kat…

Parents

0 bjorn-spockeli over 5 years ago

Hi Naralasetty,

you can use the ECB peripheral to encrypt the advertisement data. See our Intro to Application-level Security Using the ECB Peripheral blog post.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Naralasetty Praneeth over 5 years ago in reply to bjorn-spockeli

Hi bjorn,

I need the code for latest soft device 132
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Naralasetty Praneeth over 5 years ago in reply to bjorn-spockeli

hi bjorn-spockeli,

it has been 26 days please respond
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 bjorn-spockeli over 5 years ago in reply to Naralasetty Praneeth

You need to send the nounce used by the advertiser to the central in order to decrypt the message on the central side.

Since you are basing this on advertisement data, then you would have to place the nounce in the advertisement packet or the scan response packet for the central to decrypt the advertisment data. In addition you would have to make sure that the counters are in sync as well. In addition the advertisment data is the beacon UUID, major, minor etc, which is fixed and will not be changed during the lifetime of the device, so you will in reality only encrypt this once with counter values 0x00 and 0x01.

Hence, I am beginning to doubt that this is the correct way of encrypting advertisment data. I think it might be much easier to just use an XOR cipher instead, i.e. just XOR the advertisement data with the m_ecb_key. That way you would not need to send any nounce nor keep any counters in sync.

It would be helpful if you could share a bit more on what the use case for the code is.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Naralasetty Praneeth over 5 years ago in reply to bjorn-spockeli

bjorn-spockeli:

We are working on an application based on Id cards which broadcasts its information and gateway reads the information it and sends to a server. Now the problem is that the ID card's information should not be cloned by any third party.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 bjorn-spockeli over 5 years ago in reply to Naralasetty Praneeth

Understand.

As I stated in my previous reply, exchanging the nounce and keeping counters in sync is complicated when only doing advertisement. The added complexity cannot really be justified when you're only encrypting two 16 byte buffers on boot and then keeping the advertisment data static.

My suggestion would be to create a unique key for each device and then simply use sd_ecb_block_encrypt to encrypt the advertisment data. The central would then hold a copy of each unique key and then use the same function sd_ecb_block_encrypt to decrypt the data.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Naralasetty Praneeth over 5 years ago in reply to bjorn-spockeli

bjorn-spockeli: can you give me code for peripheral and central if available
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Naralasetty Praneeth over 5 years ago in reply to bjorn-spockeli

bjorn-spockeli: can you give me code for peripheral and central if available
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data