
BLE encryption link

Hello, I'm developing an application starting from the blinky example extracted from the nRF5_SDK_15.3.0_59ac345 SDK.
I see (using nRF Connect) that the connection results in an "unencrypted link" (image here below).
How can I make the link secured with encryption? Is there an example in the SDK that shows how to do it?
Thanks
A. Barbieri - Italy

  • Hi, 

    There are some examples in the SDK that use encryption (bonding). You can take a look at the Bond Management Application example or the Proximity Application example.

    -Amanda H. 

  • Hi,

    If I understand correctly, encryption is performed only with bonding??
    I'm developing a new board that has a BLE peripheral (starting from the blinky example), and my goal is to encrypt the communication only with/during pairing; this custom project does not want bonding.
    Is there any way to do encryption without bonding?
    Abele

  • Hi Abele, 

    You don't have to bond to get an encrypted link. You will get an encrypted link if you pair, but if you don't bond, you will have to pair every time you connect to get an encrypted link. Also, see my colleague's explanation in this post.

    The Peer Manager implements pairing and has a bond field in the security parameters that you pass when it is initialized. By setting that to 0 you indicate that bonding is not supported. With this change, pairing will take place as before, but there will be no bonding (storing of bonding information such as keys).

     -Amanda H.

  • Thanks Amanda. I read the post you linked above, but if I understand well, it explains how to set encryption on one single GATT characteristic at a time.

    I see peer_manager_init, with some security parameter macros:

    /**@brief Function for the Peer Manager initialization.
     */
    static void peer_manager_init(void)
    {
        ble_gap_sec_params_t sec_param;
        ret_code_t           err_code;
    
        err_code = pm_init();
        APP_ERROR_CHECK(err_code);
    
        memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));
    
        // Security parameters to be used for all security procedures.
        sec_param.bond           = SEC_PARAM_BOND;
        sec_param.mitm           = SEC_PARAM_MITM;
        sec_param.lesc           = SEC_PARAM_LESC;
        sec_param.keypress       = SEC_PARAM_KEYPRESS;
        sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;
        sec_param.oob            = SEC_PARAM_OOB;
        sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
        sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
        sec_param.kdist_own.enc  = 1;
        sec_param.kdist_own.id   = 1;
        sec_param.kdist_peer.enc = 1;
        sec_param.kdist_peer.id  = 1;
    
        err_code = pm_sec_params_set(&sec_param);
        APP_ERROR_CHECK(err_code);
    
        err_code = pm_register(pm_evt_handler);
        APP_ERROR_CHECK(err_code);
    }

    and gap_params_init, where the macro BLE_GAP_CONN_SEC_MODE_SET_OPEN is used:

    /**@brief Function for the GAP initialization.
     *
     * @details This function sets up all the necessary GAP (Generic Access Profile) parameters of the
     *          device including the device name, appearance, and the preferred connection parameters.
     */
    static void gap_params_init(void)
    {
        ret_code_t              err_code;
        ble_gap_conn_params_t   gap_conn_params;
        ble_gap_conn_sec_mode_t sec_mode;
    
        BLE_GAP_CONN_SEC_MODE_SET_OPEN(&sec_mode);
    
        err_code = sd_ble_gap_device_name_set(&sec_mode,
                                              (const uint8_t *)DEVICE_NAME,
                                              strlen(DEVICE_NAME));
        APP_ERROR_CHECK(err_code);
    
        /* YOUR_JOB: Use an appearance value matching the application's use case.
           err_code = sd_ble_gap_appearance_set(BLE_APPEARANCE_);
           APP_ERROR_CHECK(err_code); */
    
        memset(&gap_conn_params, 0, sizeof(gap_conn_params));
    
        gap_conn_params.min_conn_interval = MIN_CONN_INTERVAL;
        gap_conn_params.max_conn_interval = MAX_CONN_INTERVAL;
        gap_conn_params.slave_latency     = SLAVE_LATENCY;
        gap_conn_params.conn_sup_timeout  = CONN_SUP_TIMEOUT;
    
        err_code = sd_ble_gap_ppcp_set(&gap_conn_params);
        APP_ERROR_CHECK(err_code);
    }
    

    What happens if I change the macros inside these two functions?
    For example, using in gap_params_init the macro BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM, or in peer_manager_init changing the SEC_PARAM_MITM macro definition from 0 to 1?

    Many thanks for your help

    Abele

  • Hi Abele, 

    If I understand correctly, you are asking:

    What will happen if

    • BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM replaces BLE_GAP_CONN_SEC_MODE_SET_OPEN in the gap_params_init()

    => Sets the sec_mode pointed to by &sec_mode to require encryption, but no MITM protection. You might see this situation.

     

    • Modify the SEC_PARAM_MITM definition from 0 to 1 for peer_manager_init

    => Man-in-the-middle protection is required. You might see the case in the nRF5 SDK v15.3.0: Usage.

    -Amanda H.
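The two answers above (pairing without bonding by setting bond to 0 in the Peer Manager security parameters, and what BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM or SEC_PARAM_MITM = 1 change) as an added C example that is not part of this thread and not Nordic SDK code. It models the SoftDevice's security mode 1 levels with the same bit-field layout and level numbers as ble_gap.h, so it builds without the SDK, and then checks which characteristic accesses succeed for each link state. The types, the macros (with the BLE_GAP_ prefix dropped) and the functions link_after_pairing and check_access are this example's own; the level a real pairing reaches is negotiated from both sides' IO capabilities, which the example assumes away (the peer is taken to accept the local parameters).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local model of ble_gap_conn_sec_mode_t: sm = security mode (1 = encryption),
 * lv = level 1..4. Same layout and values as ble_gap.h, reproduced so the
 * example compiles without the nRF5 SDK. */
typedef struct { uint8_t sm : 4; uint8_t lv : 4; } sec_mode_t;

/* Same assignments as the SDK macros of the same name (minus BLE_GAP_ prefix). */
#define CONN_SEC_MODE_SET_OPEN(p)               do { (p)->sm = 1; (p)->lv = 1; } while (0)
#define CONN_SEC_MODE_SET_ENC_NO_MITM(p)        do { (p)->sm = 1; (p)->lv = 2; } while (0)
#define CONN_SEC_MODE_SET_ENC_WITH_MITM(p)      do { (p)->sm = 1; (p)->lv = 3; } while (0)
#define CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(p) do { (p)->sm = 1; (p)->lv = 4; } while (0)

/* The sec_param fields from peer_manager_init() that decide the outcome. */
typedef struct { bool bond, mitm, lesc; uint8_t min_key_size; } sec_params_t;

/* Link state after pairing (what BLE_GAP_EVT_CONN_SEC_UPDATE reports), plus
 * whether keys were stored: the only thing the bond flag changes. */
typedef struct { sec_mode_t mode; uint8_t key_size; bool keys_stored; } link_sec_t;

enum access { ACCESS_OK, NEED_ENCRYPTION, NEED_AUTHENTICATION, NEED_LESC, KEY_TOO_SHORT };

static link_sec_t link_unencrypted(void)
{
    link_sec_t l = {0};
    CONN_SEC_MODE_SET_OPEN(&l.mode);   /* level 1: no encryption, no keys */
    return l;
}

/* Level reached when the peer accepts our parameters. Hypothetical simplification:
 * a real pairing negotiates the method from both sides' IO capabilities. */
static link_sec_t link_after_pairing(sec_params_t p, bool io_caps_allow_mitm, uint8_t key_size)
{
    link_sec_t l = { .key_size = key_size, .keys_stored = p.bond };
    bool authenticated = p.mitm && io_caps_allow_mitm;   /* passkey/OOB, not Just Works */
    l.mode.sm = 1;
    if (p.lesc && authenticated && key_size == 16) l.mode.lv = 4;
    else if (authenticated)                        l.mode.lv = 3;
    else                                           l.mode.lv = 2;   /* Just Works */
    return l;
}

/* The mode 1 check an ATT server applies to a read/write: the link must have reached
 * at least the level the characteristic was registered with. A real server reports
 * failures as ATT Insufficient Authentication (0x05), Insufficient Encryption (0x0F)
 * or Insufficient Encryption Key Size (0x0C); here they are named outcomes. */
static enum access check_access(sec_mode_t required, link_sec_t link, uint8_t min_key_size)
{
    if (required.sm != 1 || required.lv <= 1) return ACCESS_OK;   /* OPEN: anyone */
    if (link.mode.lv < 2)                       return NEED_ENCRYPTION;
    if (link.key_size < min_key_size)           return KEY_TOO_SHORT;
    if (required.lv >= 3 && link.mode.lv < 3)   return NEED_AUTHENTICATION;
    if (required.lv >= 4 && link.mode.lv < 4)   return NEED_LESC;
    return ACCESS_OK;
}

/* Convenience wrapper: required level vs. reached level, as plain numbers. */
enum access check_levels(uint8_t required_lv, uint8_t link_lv, uint8_t key_size, uint8_t min_key_size)
{
    sec_mode_t req  = { .sm = 1, .lv = required_lv };
    link_sec_t link = { .mode = { .sm = 1, .lv = link_lv }, .key_size = key_size };
    return check_access(req, link, min_key_size);
}

int main(void)
{
    static const char *names[] = { "ok", "needs encryption", "needs MITM", "needs LESC", "key too short" };
    /* SEC_PARAM_BOND = 0, SEC_PARAM_MITM = 0: pair every connection, store nothing. */
    sec_params_t no_bond = { .bond = false, .mitm = false, .lesc = false, .min_key_size = 7 };
    /* SEC_PARAM_MITM = 1: needs IO capabilities that allow passkey entry or OOB. */
    sec_params_t mitm    = { .bond = false, .mitm = true,  .lesc = false, .min_key_size = 7 };

    link_sec_t open = link_unencrypted();
    link_sec_t jw   = link_after_pairing(no_bond, false, 16);   /* Just Works, bond = 0 */
    link_sec_t pk   = link_after_pairing(mitm, true, 16);       /* passkey entry */

    sec_mode_t req_open, req_enc, req_mitm;
    CONN_SEC_MODE_SET_OPEN(&req_open);
    CONN_SEC_MODE_SET_ENC_NO_MITM(&req_enc);
    CONN_SEC_MODE_SET_ENC_WITH_MITM(&req_mitm);

    printf("bond=0 pairing stores keys : %s\n", jw.keys_stored ? "yes" : "no");
    printf("OPEN        / unencrypted : %s\n", names[check_access(req_open, open, 7)]);
    printf("ENC_NO_MITM / unencrypted : %s\n", names[check_access(req_enc, open, 7)]);
    printf("ENC_NO_MITM / Just Works  : %s\n", names[check_access(req_enc, jw, 7)]);
    printf("ENC_MITM    / Just Works  : %s\n", names[check_access(req_mitm, jw, 7)]);
    printf("ENC_MITM    / passkey     : %s\n", names[check_access(req_mitm, pk, 7)]);
    return 0;
}
```

The table printed by main is the practical answer to the question: with OPEN the characteristic is readable on an unencrypted link; with ENC_NO_MITM the same read fails until the peer pairs (a phone then starts pairing on its own), and Just Works pairing with bond = 0 is enough; with ENC_WITH_MITM a Just Works link is still rejected, so SEC_PARAM_MITM = 1 only helps if the IO capabilities allow a passkey or OOB exchange.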
