Hello,
we are developing a verry small sensor node. Since we like to know if the sensor we are connected to, is one of our sensors instead of an attacker fake sensor we need a method to check this. Because the sensor node is so small (3mm x 27mm) we need to use the nrf52811 and have no room for nfc, a display or keys. So “Numeric Comparison” and “Out of Band (OOB) Pairing” as pairing method is no option and “Passkey” is only possible when we hard coded the key into all the devices. Since 6 digits are possible to brute force if the attacker just has/bought one (or x) of the sensors this is no real security. Therefore, signing the data with a hard coded 128/256Bit private key (BLE Security Mode 2, Level 1: Unauthenticated pairing with data signing) looks like a practical option. The S112 SoftDevice (https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.s112.api.v7.2.0%2Fstructble__gap__conn__sec__mode__t.html&cp=4_7_0_1_2_1_6_3) should support this, but as far as I know the private key to sign the data is generated while connecting instead of a fix private key. Is this right? Can this be changed or is this just a stupid idea?
