Static Passkey didn't pop out input passkey window

RE: Static Passkey didn't pop out input passkey window

Since — Fri, 15 Apr 2022 08:52:35 GMT

Hi Kenneth,

I was busy on other issues last 2 weeks, and now I solved the problem with your replies. Thank you for your assistant !

RE: Static Passkey didn't pop out input passkey window

Kenneth — Wed, 30 Mar 2022 13:53:58 GMT

1. It's possible to make the application to trigger security by adding in ble_evt_handler() a call to pm_handler_secure_on_connection(). The "manual" pairing you experience without it is a result of nRF Connect for Desktop is not really a product meant for end customers, it is a tool for debugging and development. So it does not give the same UX as when used with for instance iOS, Android or Windows native BT.

[quote user="Since"]In my case, before I manual paired on nRF Connect, the nus service will work(it isn't supposed happened. I want users able to use the device only after they input the right passkey.)[/quote]

That is likely because you have not set any security requirements on the characteristics in services_init().

RE: Static Passkey didn't pop out input passkey window

Since — Wed, 30 Mar 2022 12:21:36 GMT

Hi Kenneth,

I try to manual pairing, here are something I found.

When I run Glucose Application example on the pca10040, nRF connect will auto pop out the passkey window. So I guess maybe it's possible that I won't need to manual pairing ?
In my case, before I manual paired on nRF Connect, the nus service will work(it isn't supposed happened. I want users able to use the device only after they input the right passkey.) And after I paired and entered the passkey, the program was stuck. I couldn't control my device.

RE: Static Passkey didn't pop out input passkey window

Kenneth — Wed, 30 Mar 2022 11:05:44 GMT

[quote user="Since"]Did you mean the peer would elevate the security only if there are some characteristics(no need to be all) configured with higher security ?[/quote]

It's only required to elevate the security in that case (, some may do it anyways).

I believe if you are using the nRF Connect for Desktop BLE app, you need to trigger the security manually:
https://infocenter.nordicsemi.com/topic/ug_nrfconnect_ble/UG/nRF_Connect_BLE/nRF_Connect_Pairing_devices.html

RE: Static Passkey didn't pop out input passkey window

Since — Wed, 30 Mar 2022 10:44:44 GMT

Thanks for quick reply!

Did you mean the peer would elevate the security only if there are some characteristics(no need to be all) configured with higher security ?

Btw I modified the bas_init(), but nothing change.

static void bas_init(void)
{
	uint32_t       err_code;
    ble_bas_init_t bas_init;
	
    // Initialize Battery Service.
    memset(&bas_init, 0, sizeof(bas_init));

    // Here the sec level for the Battery Service can be changed/increased.
    bas_init.bl_rd_sec        = SEC_MITM;
    bas_init.bl_cccd_wr_sec   = SEC_MITM;
    bas_init.bl_report_rd_sec = SEC_MITM;

    bas_init.evt_handler          = NULL;
    bas_init.support_notification = true;
    bas_init.p_report_ref         = NULL;
    bas_init.initial_batt_level   = 100;

    err_code = ble_bas_init(&m_bas, &bas_init);
    APP_ERROR_CHECK(err_code);
}

RE: Static Passkey didn't pop out input passkey window

Kenneth — Wed, 30 Mar 2022 10:11:40 GMT

Hello,

You might be mixing that security is made up of two configurations:

- The security capabilities of the device, which is typically handled during peer_manager_init().
- The security requirements for the services and chacteristics in your GATT database, which is typically handled during services_init().

If all services and characteristics are configured with BLE_GAP_CONN_SEC_MODE_SET_OPEN/SEC_OPEN, then the peer may not see any need to elevate the security of the link when established. In your case you can for instance (for test) elevate the security requirements for bas_init(). The GAP params I believe must always be OPEN by spec.

Best regards,
Kenneth