https://devzone.nordicsemi.com/f/nordic-q-a/57419/ble-encryption---passkeyHi, Some questions regarding passkey and Diffie Hellman. When a device connects to a mobile - the mobile user should insert a passkey. Does this passkey used as a public key? How does that connected to public key, private key and Diffie Hellmanen-USTelligent Community 13Tue, 11 Feb 2020 07:42:59 GMThttps://devzone.nordicsemi.com/thread/233638?ContentTypeID=1Tue, 11 Feb 2020 07:42:59 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ae81126a-f296-4506-a9c6-9dc6425aa1edRoei<p>Thank you, Simon! You helped me a lot!</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/233546?ContentTypeID=1Mon, 10 Feb 2020 13:47:59 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5a9d0c17-8f66-4394-8e54-7cc232b2e71fSimon<p>The passkey is not&nbsp;needed for Diffie Hellman, the Diffie Hellman method is used in order for two devices to agree upon a shared secret key, without ever needing to send that key over the air, check out <a href="https://www.youtube.com/watch?v=YEBfamv-_do">this video</a> for a nice visual illustration.</p> <p>The passkey is used to authenticate the connection and make sure you&#39;re not connected to a MITM. Let&#39;s say you, device A, want to connect to device B, and you are not using a passkey. Then a device C can act like device B and relay the message: |Device A|⇔|Device C (MITM)|<span>⇔|Device B|. Device A now thinks it is connected to device B. Read <a href="https://www.digikey.com/eewiki/display/Wireless/A+Basic+Introduction+to+BLE+Security#ABasicIntroductiontoBLESecurity-PairingMethodsforLESecureConnections(4.2devicesonly):">this article</a> (Pairing Methods for Le S..--&gt;Passkey</span><span>) for more detailed information. So MITM attacks can still happen when using LESC, Diffie Hellman and Just works, even though it&#39;s much more resilient than Legacy connections.</span></p> <p><span>In order to avoid this MITM attacks, devices A and B can agree upon a secret Passkey. In that case, device C has to guess the passkey, and the probability of succeeding is close to zero.</span></p> <p><span>So in short:</span></p> <ul> <li><span>The Diffie Hellman method is used to generate a shared secret key between two devices</span></li> <li><span>The passkey is used to authenticate the device trying to connect</span></li> </ul> <p><span>Best regards,</span></p> <p><span>Simon</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/232901?ContentTypeID=1Wed, 05 Feb 2020 16:26:25 GMT137ad170-7792-4731-bb38-c0d22fbe4515:bdd0c790-9dec-49d8-a487-83488f1c91a9Roei<p>Thanks for your response, Simon!</p> <p></p> <p>Actually, I still have some questions:</p> <p></p> <p>1) What is the purpose of the passkey? After the user enter the correct passkey - do we need it for Diffie Hellman?</p> <p>2) I noticed that Diffie Hellman calculation occurs before the user insert the passkey. The chart states that first the passkey should be insert. How does it possible?</p> <p></p> <p>Thanks!</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/232897?ContentTypeID=1Wed, 05 Feb 2020 16:05:20 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9a346652-4591-4191-b895-e5a9c171d9beSimon<p>I think&nbsp;<a class="internal-link view-user-profile" href="https://devzone.nordicsemi.com/members/emil">Emil Lenngren</a>&#39;s&nbsp;answer in <a href="https://devzone.nordicsemi.com/f/nordic-q-a/35856/questions-about-lesc-mitm-and-passkey">this link</a>&nbsp;explains it quite well. It is also worth taking a look at the Message Sequence Chart for <a href="https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.s132.api.v7.0.1/group___b_l_e___g_a_p___p_e_r_i_p_h___l_e_s_c___b_o_n_d_i_n_g___p_k_e___c_d___m_s_c.html?cp=4_5_2_1_2_1_5_10_6_3">Bonding: Passkey Entry, User Inputs on Peripheral</a>.</p> <p>If you still have questions, please ask and I will try to answer.</p> <p>Best regards,</p> <p>Simon</p><div style="clear:both;"></div>