https://devzone.nordicsemi.com/f/nordic-q-a/80260/sdk-17-1-0---nrf_ble_lesc_generate_new_keysHello, With nRF5 SDK 17.1.0 release a new ifdef NRF_BLE_LESC_GENERATE_NEW_KEYS in nrf_ble_lesc.c has been added. Could you please clarify what the intention is of this generating a new key pair for each BLE_GAP_EVT_AUTH_STATUS is? Does this somehow affecten-USTelligent Community 13Thu, 07 Oct 2021 07:24:10 GMThttps://devzone.nordicsemi.com/thread/332941?ContentTypeID=1Thu, 07 Oct 2021 07:24:10 GMT137ad170-7792-4731-bb38-c0d22fbe4515:529e7ef3-547c-483b-b4bd-f32b7e77e5deElfving<p>No problem!&nbsp;</p> <p>Btw,&nbsp;it seems that the <span>NRF_BLE_LESC_GENERATE_NEW_KEYS&nbsp; snippet also deals with key refreshes in general. A device should change its private key after every pairing, succesful or failed.&nbsp;</span></p> <p><span>Best regards,</span></p> <p><span>Elfving</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/332870?ContentTypeID=1Wed, 06 Oct 2021 14:22:47 GMT137ad170-7792-4731-bb38-c0d22fbe4515:7c6876d5-344a-46e2-ac67-105b0b01aa00RenderMonkey<p>Thank you Elfving!</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/332799?ContentTypeID=1Wed, 06 Oct 2021 11:04:13 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e4c336c1-db58-41e7-b5e2-f803c5896f17Elfving<p>Hello!&nbsp;</p> <p>Sorry, it seems I was mistaken. The&nbsp;<span>CVE-2020-26558 security fix is being addressed on line 358.</span></p> <p><span>&nbsp;<img src="https://devzone.nordicsemi.com/resized-image/__size/320x240/__key/communityserver-discussions-components-files/4/pastedimage1633516574555v1.png" alt=" " /></span></p> <p><span></span></p> [quote user="RenderMonkey"] Is it for the highly unlikely case when two units attempt to bond and happen to have the same public key?[/quote] <p></p> <p><span>Yeah I think you are right. The ifdef&nbsp;<span>NRF_BLE_LESC_GENERATE_NEW_KEYS&nbsp;snippet is likely there to avoid the scenario where two devices have the same public key. It is optional because an exception is needed for the NFC library (this library generates LESC keys itself after every pairing attempt).</span></span></p> <p><span><span>Best regards,</span></span></p> <p><span><span>Elfving</span></span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/332626?ContentTypeID=1Tue, 05 Oct 2021 12:41:43 GMT137ad170-7792-4731-bb38-c0d22fbe4515:1b569bdb-38fb-42f6-b511-807a3a2f0554RenderMonkey<p>Hello Elfving,</p> <p>I have read the release notes and this is why I am asking. Since this setting is optional, I am asking for clarification when it is needed (or rather why it is optional). Is it for the highly unlikely case when two units attempt to bond and happen to have the same public key?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/332618?ContentTypeID=1Tue, 05 Oct 2021 12:28:55 GMT137ad170-7792-4731-bb38-c0d22fbe4515:024ebf27-7804-4400-a6e9-3dc7b0306e28Elfving<p>Hello RenderMonkey,</p> <p>It is mentioned in the <a href="https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.1.0/index.html">nRF5 SDK release notes</a>. It is a security mitigation mechanism to address a security vulnerability&nbsp;in the Bluetooth Core spec: CVE-2020-26558.</p> <p>Best regards,</p> <p>Elfving</p><div style="clear:both;"></div>