https://devzone.nordicsemi.com/f/nordic-q-a/87727/default-stk-and-ltkDo I need to change the default value of STK and LTK between devices?en-USTelligent Community 13Mon, 09 May 2022 14:20:39 GMThttps://devzone.nordicsemi.com/thread/366993?ContentTypeID=1Mon, 09 May 2022 14:20:39 GMT137ad170-7792-4731-bb38-c0d22fbe4515:45c77128-e0c0-4198-bd46-8e9255f3cfe4Einar Thorsrud[quote user="DS4"]After generated from FICR(?) are they constant for each device?[/quote] <p>The FICR is a persistent register (or set of registers) that is populated during production of the IC and is never changed after that.</p> [quote user="DS4"]<p>What BLE settings are using those key?&nbsp;</p> <p>When am I sending them to the peer device?</p>[/quote] <p>In general these are all standard Bluetooth concepts though, so if you need an introduction in Bluetooth security you could for instance refer to some literature on Bluetooth if you want to get an overview. In a nutshell, the IRK is used if you want to ensure that the device cannot be tracked, and then a resolvable random address is regularly calculated base don the IRK. The ERK is used to generate the LTK and. You can refer to&nbsp;Figure 5.2: LE key hierarchy ion page 268 in the Bluetooth core spec 5.3 to see how the keys relate.</p> [quote user="DS4"]In case I am producing thousands devices should I randomize the keys I am sending to the stack?[/quote] <p>Generally, no. As mentioned persistent device keys are unique per IC (generated in production) and other keys are generated based on the RNG peripheral when needed.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/366988?ContentTypeID=1Mon, 09 May 2022 14:07:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b192982d-2aba-4676-8969-3e2248e512e8DS4<p>Thanks,</p> <p>After generated from FICR are they constant for each device?</p> <p>What BLE settings are using those key?&nbsp;</p> <p>When am I sending them to the peer device?</p> <p>In case I am producing thousands devices should I randomize the keys I am sending to the stack?</p> <p></p> <p>sorry a l lot of questions!</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/366986?ContentTypeID=1Mon, 09 May 2022 13:59:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:01903fe2-a109-43fd-8ff8-bdf1ec47503dEinar Thorsrud<p>Hi,</p> <p>Ah, in that case it is different. Both the ERK and IRK are special keys that must be persistent and by default they are read from FICR. This contain random numbers that was generated in production and is unique for each individual IC.</p> <p>There are a few reasons you may want to replace the IRK (for instance if factory resetting a device to prevent the old &quot;user&quot; from being able to track it), and therefore it is possible to set it. How to do it depends on which SDK and Bluetooth stack you are using. Note that in this case you will be responsible for storing the new IRK persistently and configuring the Bluetooth stack to use it after every boot.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/366981?ContentTypeID=1Mon, 09 May 2022 13:50:47 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b6c0abcb-c4be-4930-8ae4-313d007d58e6DS4<p>Sorry, I mean the ERK and IRK default values</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/366978?ContentTypeID=1Mon, 09 May 2022 13:48:45 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9a1161e4-93b6-4109-9431-7b56ed0ed75fEinar Thorsrud<p>Hi,</p> <p>No. (There are no default key values. They are automatically generated by the Bluetooth stack based on random numbers from the RNG peripheral).</p><div style="clear:both;"></div>