• State Verified Answer
  • Replies 2 replies
  • Subscribers 73 subscribers
  • Views 2238 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 107849
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

NRF51822 Authenticate and Encrypt functions

tnesheim

Hi,

I am attempting to create a secure BLE connection in security mode 1 and level 3. I noticed that when I simply call sd_ble_gap_authenticate with MITM = 1 it seems to put me in that security mode. This seems odd to me as I thought I would also need to call sd_ble_gap_encrypt to complete this process. So does sd_ble_gap_authenticate create both an authenticated and encrypted connection at once?

This is my suspicion, since there isn't an option in the BLE standard for an authenticated and unencrypted connection.

Thanks and let me know,

-Taylor Nesheim

Parents
  • 0

    Hi,

    you are right that the link will always be encrypted when using the bluetooth way of authenticating.

    While doing authentication the link is actually encrypted in the process with the link settings that you decided. Thus another encryption is not necessary. If you at a later point disconnect, or would like to do a key refresh of the link. Then you can use the sd_ble_gap_encrypt(..) with the keys that you received in the BLE_GAP_EVT_AUTH_STATUS.

    The only way of authenticating without encryption is to distribute IRK or CSRK to identify that the peer device is actually a device that you have authenticated with previously. CSRK is something that we don't support.

    What you could do, is to implement some sort of proprietary authentication if you control the app on both sides of the link.

Reply
  • 0

    Hi,

    you are right that the link will always be encrypted when using the bluetooth way of authenticating.

    While doing authentication the link is actually encrypted in the process with the link settings that you decided. Thus another encryption is not necessary. If you at a later point disconnect, or would like to do a key refresh of the link. Then you can use the sd_ble_gap_encrypt(..) with the keys that you received in the BLE_GAP_EVT_AUTH_STATUS.

    The only way of authenticating without encryption is to distribute IRK or CSRK to identify that the peer device is actually a device that you have authenticated with previously. CSRK is something that we don't support.

    What you could do, is to implement some sort of proprietary authentication if you control the app on both sides of the link.

Children
No Data
Related
Terms of service