This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

BLE encryption - passkey

Hi,

Some questions regarding passkey and Diffie Hellman.

When a device connects to a mobile - the mobile user should insert a passkey.

Does this passkey used as a public key? How does that connected to public key, private key and Diffie Hellman? Where the public and private keys come from?

Can you please explain?

Thanks!

Parents

0 Simon over 5 years ago

I think Emil Lenngren's answer in this link explains it quite well. It is also worth taking a look at the Message Sequence Chart for Bonding: Passkey Entry, User Inputs on Peripheral.

If you still have questions, please ask and I will try to answer.

Best regards,

Simon
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Roei over 5 years ago in reply to Simon

Thanks for your response, Simon!

Actually, I still have some questions:

1) What is the purpose of the passkey? After the user enter the correct passkey - do we need it for Diffie Hellman?

2) I noticed that Diffie Hellman calculation occurs before the user insert the passkey. The chart states that first the passkey should be insert. How does it possible?

Thanks!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Roei over 5 years ago in reply to Simon

Thanks for your response, Simon!

Actually, I still have some questions:

1) What is the purpose of the passkey? After the user enter the correct passkey - do we need it for Diffie Hellman?

2) I noticed that Diffie Hellman calculation occurs before the user insert the passkey. The chart states that first the passkey should be insert. How does it possible?

Thanks!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Simon over 5 years ago in reply to Roei
The passkey is not needed for Diffie Hellman, the Diffie Hellman method is used in order for two devices to agree upon a shared secret key, without ever needing to send that key over the air, check out this video for a nice visual illustration.

The passkey is used to authenticate the connection and make sure you're not connected to a MITM. Let's say you, device A, want to connect to device B, and you are not using a passkey. Then a device C can act like device B and relay the message: |Device A|⇔|Device C (MITM)|⇔|Device B|. Device A now thinks it is connected to device B. Read this article (Pairing Methods for Le S..-->Passkey) for more detailed information. So MITM attacks can still happen when using LESC, Diffie Hellman and Just works, even though it's much more resilient than Legacy connections.

In order to avoid this MITM attacks, devices A and B can agree upon a secret Passkey. In that case, device C has to guess the passkey, and the probability of succeeding is close to zero.

So in short:

The Diffie Hellman method is used to generate a shared secret key between two devices

The passkey is used to authenticate the device trying to connect

Best regards,

Simon
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Roei over 5 years ago in reply to Simon

Thank you, Simon! You helped me a lot!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel