BLE encryption link

Hello, I'm developing an application starting from the blinky example extracted from the nRF5_SDK_15.3.0_59ac345 SDK.
I see (using nRF Connect) that the connection shows as "unencrypted link" (image here below).
How can I make the link secured with encryption? Is there an example in the SDK that shows how to do it?
Thanks
A. Barbieri - Italy

  • Hi Abele, 

    If I understand correctly, you are asking:

    What will happen if

    • BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM replaces BLE_GAP_CONN_SEC_MODE_SET_OPEN in the gap_params_init()

    => Set sec_mode pointed to by &sec_mode to require encryption, but no MITM protection. You might see this situation.

     

    • Modify the SEC_PARAM_MITM definition from 0 to 1 for peer_manager_init

    => Man In The Middle protection is required. You might see the case in the nRF5 SDK v15.3.0: Usage.

    -Amanda H.

  • Hi Amanda,

    I tried some tests with the macros you quoted. I'm using nRF Connect v3.1.0 for desktop to check the results.
    Now I'm able to perform a "pairing" that results in an "Unauthenticated encrypted link" (see image here below).
    My goal is to enable data write ONLY if the device is paired. How can I make this?
    Now only connection is enough to write data.
    Further, using nRF Connect for Android phone, how can I perform "pairing"??

    Many thanks for your help.
    Regards

    Abele

  • Hi Abele, 

    abe said:
    My goal is to enable data write ONLY if the device is paired. How can I make this?

      You can modify the "Properties" field in the Characteristic Declaration to "Write". In this Bluetooth low energy Characteristics, a beginner's, Step 2.F section shows how to add read/write properties to our characteristic value. You can disable the write property part.

    abe said:
    Further, using nRF Connect for Android phone, how can I perform "pairing"??

    The BLE stack automatically pops up an alert view to prompt the user to confirm or cancel the pairing process. You can try HID Keyboard Application on nrf52840 DK with an Android phone. 

    -Amanda H. 

  • Hi Amanda,

    Using the macro BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM on characteristic configuration, GATT write is enabled ONLY with pairing (unauthenticated encrypted link).
    Here is my code:

    static uint32_t custom_value_char_add(ble_cusi_t * p_cusi, const ble_cusi_init_t * p_cusi_init)
    {
        uint32_t            err_code;
        ble_gatts_char_md_t char_md;
        ble_gatts_attr_md_t cccd_md;
        ble_gatts_attr_t    attr_char_value;
        ble_uuid_t          ble_uuid;
        ble_gatts_attr_md_t attr_md;
    
        // Add Custom Value characteristic
        memset(&cccd_md, 0, sizeof(cccd_md));
    
        //  write operation on cccd should not be possible without authentication.
        BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
        BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cccd_md.write_perm);
        
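        // Note: these two assignments replace the permissions set by the macros above,
        // so the effective CCCD permissions come from custom_value_char_attr_md.
        cccd_md.write_perm = p_cusi_init->custom_value_char_attr_md.write_perm;
        cccd_md.read_perm  = p_cusi_init->custom_value_char_attr_md.read_perm;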
        cccd_md.vloc       = BLE_GATTS_VLOC_STACK;
    
        memset(&char_md, 0, sizeof(char_md));
    
        char_md.char_props.read   = 1;
        char_md.char_props.write  = 1;
        char_md.char_props.notify = 0; 
        char_md.p_char_user_desc  = NULL;
        char_md.p_char_pf         = NULL;
        char_md.p_user_desc_md    = NULL;
        char_md.p_cccd_md         = &cccd_md; 
        char_md.p_sccd_md         = NULL;

    I reached my goal, thanks for your help.
    Abele
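
The permission check this thread relies on, as an added example that is not part of any post or of the SDK: a host-side C model in which sec_mode_t and the SEC_SET_* macros are local stand-ins for the SDK's ble_gap_conn_sec_mode_t and BLE_GAP_CONN_SEC_MODE_SET_* macros, and access_allowed and build_cccd_md are hypothetical helper names. It shows why a connected-only link is refused a write that requires ENC_NO_MITM while an unauthenticated encrypted link is accepted, and that with the statement order in the posted function the values copied from the init structure are the ones that take effect.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Local stand-ins (assumption) mirroring the SDK's ble_gap_conn_sec_mode_t
 * and BLE_GAP_CONN_SEC_MODE_SET_* macros so this builds on a host. */
typedef struct { uint8_t sm : 4; uint8_t lv : 4; } sec_mode_t;
#define SEC_SET_NO_ACCESS(p)     do { (p)->sm = 0; (p)->lv = 0; } while (0)
#define SEC_SET_OPEN(p)          do { (p)->sm = 1; (p)->lv = 1; } while (0)
#define SEC_SET_ENC_NO_MITM(p)   do { (p)->sm = 1; (p)->lv = 2; } while (0)
#define SEC_SET_ENC_WITH_MITM(p) do { (p)->sm = 1; (p)->lv = 3; } while (0)

typedef struct { sec_mode_t read_perm, write_perm; } attr_md_t;

/* Security mode 1: access is allowed when the link's level is at least the
 * level the attribute requires; sm = 0 means no access at all. */
bool access_allowed(sec_mode_t link, sec_mode_t required)
{
    if (required.sm == 0) return false;
    return link.sm == required.sm && link.lv >= required.lv;
}

/* Same statement order as the posted custom_value_char_add(): macros first,
 * then assignment from the init structure, which is what takes effect. */
attr_md_t build_cccd_md(const attr_md_t *init_md)
{
    attr_md_t cccd_md = {0};
    SEC_SET_OPEN(&cccd_md.read_perm);
    SEC_SET_ENC_NO_MITM(&cccd_md.write_perm);
    cccd_md.write_perm = init_md->write_perm;   /* overwrites the macro */
    cccd_md.read_perm  = init_md->read_perm;
    return cccd_md;
}

int main(void)
{
    sec_mode_t unencrypted, paired;
    SEC_SET_OPEN(&unencrypted);       /* connected only, not paired */
    SEC_SET_ENC_NO_MITM(&paired);     /* "unauthenticated encrypted link" */
    attr_md_t init_md;                /* constructed sample configuration */
    SEC_SET_OPEN(&init_md.read_perm);
    SEC_SET_ENC_NO_MITM(&init_md.write_perm);
    attr_md_t md = build_cccd_md(&init_md);
    printf("write on unencrypted link: %d\n", access_allowed(unencrypted, md.write_perm));
    printf("write on paired link:      %d\n", access_allowed(paired, md.write_perm));
    return 0;
}
```

If the init structure carries an open write permission, the model allows the write on an unencrypted link even though the macro was called first, so the place to require encryption is wherever custom_value_char_attr_md is filled in.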
