
Ensuring that a characteristic can be read and notified with encryption

Hi there,

I've been unable to find a good example of what settings are required specifically to ensure that a characteristic's value can only be read and notified in an encrypted manner. With the following declarations, can I be sure that a characteristic's data is always transmitted to a central device with encryption?

When establishing my characteristic, noting that I don't wish it to be written to, I declare:

    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(&attr_md.write_perm);

...and this appears to work, i.e. nRF Connect on iOS prompts that a pairing is required when attempting to read the characteristic.

For ensuring that a notification is also encrypted, I declare the above's corresponding CCCD as follows:

    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cccd_md.write_perm);

Now, if nRF Connect attempts to subscribe to notifications on the characteristic, then pairing is also required.

I'm using the nRF52 SDK with an s140 software device.

Thanks for any confirmation that I'm doing things correctly.

Kind regards,
Christopher
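
The four permissions declared in the post, as a self-contained C model of how security mode 1 levels gate client requests. This is an added example, not code from the original post or the SDK: the types and helpers (`sec_mode_t`, `access_allowed`, `may_notify`) are local stand-ins, the (sm, lv) pairs are the values the `BLE_GAP_CONN_SEC_MODE_SET_*` macros assign, and the notify guard is an application-side check assumed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for the SDK's ble_gap_conn_sec_mode_t (security mode, level). */
typedef struct { uint8_t sm; uint8_t lv; } sec_mode_t;
typedef struct { sec_mode_t read_perm, write_perm; } attr_md_t;

/* (sm, lv) pairs assigned by the BLE_GAP_CONN_SEC_MODE_SET_* macros in the post. */
#define SEC_NO_ACCESS   {0, 0}  /* operation never allowed              */
#define SEC_OPEN        {1, 1}  /* mode 1 level 1: no security required */
#define SEC_ENC_NO_MITM {1, 2}  /* mode 1 level 2: encrypted link       */

/* Permissions exactly as declared in the post. */
static const attr_md_t attr_md = { SEC_ENC_NO_MITM, SEC_NO_ACCESS };
static const attr_md_t cccd_md = { SEC_OPEN, SEC_ENC_NO_MITM };

/* Constructed link states: before pairing, and after unauthenticated pairing. */
static const sec_mode_t link_plain = SEC_OPEN;
static const sec_mode_t link_enc   = SEC_ENC_NO_MITM;

/* A client request passes when the link's level meets the attribute's
 * requirement; sm == 0 means the operation is refused on any link. */
static bool access_allowed(sec_mode_t required, sec_mode_t link)
{
    if (required.sm == 0)
        return false;
    return link.sm == required.sm && link.lv >= required.lv;
}

/* Application-side guard (assumption of this example): notify only when the
 * client has subscribed and the link currently satisfies the value's read_perm. */
static bool may_notify(bool cccd_enabled, sec_mode_t link)
{
    return cccd_enabled && access_allowed(attr_md.read_perm, link);
}

int main(void)
{
    printf("plain link: read=%d subscribe=%d cccd_read=%d\n",
           access_allowed(attr_md.read_perm, link_plain),
           access_allowed(cccd_md.write_perm, link_plain),
           access_allowed(cccd_md.read_perm, link_plain));
    printf("enc link:   read=%d subscribe=%d write=%d notify=%d\n",
           access_allowed(attr_md.read_perm, link_enc),
           access_allowed(cccd_md.write_perm, link_enc),
           access_allowed(attr_md.write_perm, link_enc),
           may_notify(true, link_enc));
    return 0;
}
```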
