RE: pairing key passing

Simon — Tue, 25 Feb 2020 14:16:23 GMT

Here I have uploaded a project where I have modified the ble_app_uart project to support bonding using legacy pairing with passkey entry. In the project, I have provided comments on how to implement it and you should be able to easily implement it in any of the Nordic BLE examples (including ble_app_hrs). If you want the ble_app_uart central part as well, just ask me and I will provide it to you.

Be aware that this approach is not really safe against MITM attacks, as Emil Lenngren explains in this ticket:

"The Passkey method in Legacy Pairing is also vulnerable to passive eavesdropping. ..... the Legacy Passkey is highly vulnerable to MITM attacks, with a success probability of 100%"

LESC paring is a safer option.

[quote user=""]i have a question on this pairing keys if we use the legacy secure pairing mechanisim, will the initiator ask the responder for pairing key when it bond on second time ?[/quote]

No, you only have to enter the passkey during the pairing process. When two devices are bonded, they have exchanged keys and don't need to do any pairing in order to acquire a secure connection. Check out this answer.

Best regards,

Simon