
Secure connection using stored key.

Hi,

I am using nrf52832 in my custom board and I want to make secure connection between my two boards using stored keys.

Is there any example provided by Nordic which I can refer to?

Your timely help will be appreciated.

Note: there is no button or display attached in my board so I want to secure my connection using the keys previously stored in the device

Thanks,

KRA

  • Hello,

    We don't have any examples with key stored in flash.

    I believe the easiest way to do this is to use a static passkey. Search for how to implement a static passkey here on DevZone. I know it has been discussed a few times. 

    Another option is to hard code the long term key, but it is a bit more work to understand where to insert it into the peer manager (I have not done this myself). I would recommend that you just use the static passkey, which the two devices then will use to generate a set of long term keys for bonding.

    Remember, even if you don't have any display or keyboard on your devices, you need to pretend that you do, so that the SoftDevice knows which device holds the key, and which device will respond with the key. Tell one of them that it has a display, and the other that it has a keyboard, and then use the same 6-digit key on both ends.

    Best regards,

    Edvin

  • Thanks for the reply Edvin.

    I have tried the same way as suggested here.

    I did set the static passkey on both sides as "123456".

    Set MITM to 1 on both sides,

    IO capabilities on central side: BLE_GAP_IO_CAPS_KEYBOARD_ONLY 

    IO capabilities on peripheral side: BLE_GAP_IO_CAPS_DISPLAY_ONLY 

    I am getting the BLE_GAP_EVT_PASSKEY_DISPLAY event only on the peripheral side in the BLE event handler, and received the same passkey which I had set during GAP parameter initialization.

    After that I am calling sd_ble_gap_auth_key_reply(conn_handle, BLE_GAP_AUTH_KEY_TYPE_PASSKEY, NULL).

    In this SD call I am getting error code 0x08 (NRF_ERROR_INVALID_STATE).

    I am not sure whether I am doing the correct thing or not. Please guide me on this.

    Also, do I need to call sd_ble_gap_auth_key_reply() from the central side? If yes, what should the parameters be?

    Note: I don't have any IO capabilities on my custom board.

    Regards,

    KRA

  • Please read the documentation for sd_ble_gap_auth_key_reply():

    /**@brief Reply with an authentication key.
     *
     * @details This function is only used to reply to a @ref BLE_GAP_EVT_AUTH_KEY_REQUEST or a @ref BLE_GAP_EVT_PASSKEY_DISPLAY, calling it at other times will result in an @ref NRF_ERROR_INVALID_STATE.
     * @note    If the call returns an error code, the request is still pending, and the reply call may be repeated with corrected parameters.
     *
     * @events
     * @event{This function is used during authentication procedures\, see the list of events in the documentation of @ref sd_ble_gap_authenticate.}
     * @endevents
     *
     * @mscs
     * @mmsc{@ref BLE_GAP_PERIPH_BONDING_PK_CENTRAL_OOB_MSC}
     * @mmsc{@ref BLE_GAP_PERIPH_LESC_BONDING_NC_MSC}
     * @mmsc{@ref BLE_GAP_PERIPH_LESC_BONDING_PKE_CD_MSC}
     * @mmsc{@ref BLE_GAP_CENTRAL_BONDING_PK_PERIPH_OOB_MSC}
     * @mmsc{@ref BLE_GAP_CENTRAL_LESC_BONDING_NC_MSC}
     * @mmsc{@ref BLE_GAP_CENTRAL_LESC_BONDING_PKE_CD_MSC}
     * @endmscs
     *
     * @param[in] conn_handle Connection handle.
     * @param[in] key_type See @ref BLE_GAP_AUTH_KEY_TYPES.
     * @param[in] p_key If key type is @ref BLE_GAP_AUTH_KEY_TYPE_NONE, then NULL.
     *                  If key type is @ref BLE_GAP_AUTH_KEY_TYPE_PASSKEY, then a 6-byte ASCII string (digit 0..9 only, no NULL termination)
     *                     or NULL when confirming LE Secure Connections Numeric Comparison.
     *                  If key type is @ref BLE_GAP_AUTH_KEY_TYPE_OOB, then a 16-byte OOB key value in little-endian format.
     *
     * @retval ::NRF_SUCCESS Authentication key successfully set.
     * @retval ::NRF_ERROR_INVALID_ADDR Invalid pointer supplied.
     * @retval ::NRF_ERROR_INVALID_PARAM Invalid parameter(s) supplied.
     * @retval ::NRF_ERROR_INVALID_STATE Authentication key has not been requested.
     * @retval ::BLE_ERROR_INVALID_CONN_HANDLE Invalid connection handle supplied.
     */
    SVCALL(SD_BLE_GAP_AUTH_KEY_REPLY, uint32_t, sd_ble_gap_auth_key_reply(uint16_t conn_handle, uint8_t key_type, uint8_t const *p_key));

    The last parameter needs to be the passkey that you want to use.

    But before you test the central, make sure that the passkey implementation on your peripheral is correct. Try to connect to it with nRF Connect for Desktop, to check that you get prompted with the passkey, and that the static passkey works.

    Best regards,

    Edvin
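
The division of work discussed in this thread, as an added host-side sketch (not code from the thread or from Nordic): in passkey entry only the keyboard side replies, and it does so on BLE_GAP_EVT_AUTH_KEY_REQUEST with the 6 ASCII digits. The event ids, `on_gap_evt`, the `g_` state variables and the stub body of `sd_ble_gap_auth_key_reply` are assumptions that stand in for the SoftDevice so the file builds without the SDK.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Host-side stand-ins so this compiles without the nRF5 SDK; on target,
 * remove them and include the SoftDevice headers instead. */
#define NRF_SUCCESS                   0u
#define NRF_ERROR_INVALID_PARAM       7u
#define NRF_ERROR_INVALID_STATE       8u   /* the 0x08 reported in the thread */
#define BLE_GAP_AUTH_KEY_TYPE_PASSKEY 0x01
enum { EVT_PASSKEY_DISPLAY, EVT_AUTH_KEY_REQUEST }; /* hypothetical ids */

static int     g_key_requested;  /* modelled state: is a key request pending? */
static uint8_t g_key_seen[6];    /* last passkey the stand-in accepted */

/* Stand-in with the documented rule: INVALID_STATE unless a key was requested.
 * Rejecting NULL and non-digits is this model's simplification. */
static uint32_t sd_ble_gap_auth_key_reply(uint16_t conn_handle, uint8_t key_type,
                                          uint8_t const *p_key)
{
    (void)conn_handle;
    if (!g_key_requested) return NRF_ERROR_INVALID_STATE;
    if (key_type != BLE_GAP_AUTH_KEY_TYPE_PASSKEY || p_key == NULL)
        return NRF_ERROR_INVALID_PARAM;
    for (size_t i = 0; i < 6; i++)
        if (p_key[i] < '0' || p_key[i] > '9') return NRF_ERROR_INVALID_PARAM;
    memcpy(g_key_seen, p_key, 6);
    g_key_requested = 0;
    return NRF_SUCCESS;
}

/* Passkey from the thread: 6 ASCII digits, no NUL terminator. */
static const uint8_t STATIC_PASSKEY[6] = { '1', '2', '3', '4', '5', '6' };

/* Event handling for either role; returns the reply result, or NRF_SUCCESS
 * when the event needs no reply. */
static uint32_t on_gap_evt(uint16_t conn_handle, int evt_id)
{
    if (evt_id == EVT_AUTH_KEY_REQUEST)  /* keyboard side: enter the passkey */
        return sd_ble_gap_auth_key_reply(conn_handle,
                                         BLE_GAP_AUTH_KEY_TYPE_PASSKEY, STATIC_PASSKEY);
    return NRF_SUCCESS;                  /* display side: nothing to reply */
}

int main(void)
{
    uint32_t disp = on_gap_evt(0, EVT_PASSKEY_DISPLAY); /* peripheral */
    g_key_requested = 1;                 /* stack raises AUTH_KEY_REQUEST */
    uint32_t kbd = on_gap_evt(0, EVT_AUTH_KEY_REQUEST); /* central */
    return (disp == NRF_SUCCESS && kbd == NRF_SUCCESS) ? 0 : 1;
}
```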
