
Tutorial on Connection Encryption

Hello,

I have not found a lot of information on connection encryption. I want to use a pre-programmed Long Term Key (LTK) in my mesh that is then used to establish subsequent connections. How would I start with this?

And very important: I cannot use the device manager (partly because it does not support peripheral and central at the same time, and partly because I think it is too big for what I need it for).

The message sequence charts did not help me much, and I have not found any example that explains security in detail. Neither did I find a tutorial or anything else. Where do I start?

Marius

  • Hi Marius,

    I'm afraid that for now we don't have anything better than the device manager, which you would need to dig into to understand how we handle encryption and security.

    Another option is to look at the ble_app_template in SDK v8.1 or earlier. In this example we don't use the device manager and handle the encryption manually in on_ble_evt(). Bonding is partly supported in the sense that the LTK is distributed but not stored in flash. You can re-encrypt the link, but not after you restart the device.

    You can use one LTK in your mesh, since you control both sides, central and peripheral (the pairing process doesn't need to be performed for every new connection).

    I'm not sure which message sequence chart you looked at, but that is where I would look first if I wanted to know how something works. I would suggest you look at this one and this one to see how bonding and re-bonding work on the peripheral side.

    For the central side, please have a look at this one and this one.

    Also, please have a look at the description of the sd_ble_gap_sec_params_reply function, especially how p_sec_keyset works: it will be updated with the encryption keys when bonding is done.

    We are planning to have a tutorial on this topic soon. It would be nice if you could give some particular questions that you want the tutorial to cover.

  • The CONN_SEC_UPDATE event will contain the status and the encryption level. If the status is success, and the encryption level is something higher than SM: 1 Level: 1, then you are indeed encrypted. You should provide a ble_gap_enc_info_t struct with a custom 16-byte LTK in it, though; if not, you are likely encrypting with an all-zero key. The master ID and rand are used by the peer to figure out which LTK it should load during encryption.

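The two replies above describe the same manual flow: the peripheral answers the central's security-info request from on_ble_evt() with a ble_gap_enc_info_t holding the pre-programmed 16-byte LTK selected by the master ID (EDIV + Rand), and then checks the CONN_SEC_UPDATE event to confirm the link really is encrypted. The following is an added example written for this page, not code from the thread or from Nordic's SDK. The struct and constant definitions at the top are stand-ins that mirror the field names of the SoftDevice ble_gap.h types so the file compiles on its own; in firmware you would delete them and include ble_gap.h. The key, EDIV and Rand values are constructed test data, and the function names mesh_lookup_ltk, ltk_is_all_zero and link_is_encrypted are this example's own.

```c
/*
 * Added example: pre-shared LTK handling for a SoftDevice peripheral that
 * does not use the device manager. The typedefs and defines below are
 * stand-ins (assumption) mirroring ble_gap.h field names; replace them with
 * #include "ble_gap.h" in real firmware.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLE_GAP_SEC_KEY_LEN  16
#define BLE_GAP_SEC_RAND_LEN 8

typedef struct { uint16_t ediv; uint8_t rand[BLE_GAP_SEC_RAND_LEN]; } ble_gap_master_id_t;
typedef struct { uint8_t ltk[BLE_GAP_SEC_KEY_LEN]; uint8_t auth:1; uint8_t ltk_len:7; } ble_gap_enc_info_t;

/* One pre-programmed key for the whole mesh, as the first reply suggests:
 * every node carries the same (master ID, LTK) pair, so no pairing ever runs.
 * CONSTRUCTED test values only; provision a real key from a CSPRNG. */
static const ble_gap_master_id_t mesh_master_id = {
    .ediv = 0x1234,
    .rand = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 },
};
static const uint8_t mesh_ltk[BLE_GAP_SEC_KEY_LEN] = {
    0x8f, 0x1a, 0x2b, 0x3c, 0x4d, 0x5e, 0x6f, 0x70,
    0x81, 0x92, 0xa3, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8,
};

/* A zero-initialised ble_gap_enc_info_t carries an all-zero LTK; refuse it
 * so a programming mistake cannot silently "encrypt" with a known key. */
bool ltk_is_all_zero(const uint8_t *ltk)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < BLE_GAP_SEC_KEY_LEN; i++) acc |= ltk[i];
    return acc == 0;
}

/* Call from on_ble_evt() on BLE_GAP_EVT_SEC_INFO_REQUEST with the EDIV and
 * Rand from the event's master_id. The central uses that pair to tell the
 * peripheral which LTK to load; only hand the key out on an exact match.
 * On success pass p_enc_info to sd_ble_gap_sec_info_reply(); on failure
 * reply with a NULL enc_info so the SoftDevice rejects the encryption. */
bool mesh_lookup_ltk(uint16_t ediv, const uint8_t *p_rand, ble_gap_enc_info_t *p_enc_info)
{
    memset(p_enc_info, 0, sizeof *p_enc_info);
    if (ediv != mesh_master_id.ediv ||
        memcmp(p_rand, mesh_master_id.rand, BLE_GAP_SEC_RAND_LEN) != 0)
        return false;
    if (ltk_is_all_zero(mesh_ltk))
        return false;
    memcpy(p_enc_info->ltk, mesh_ltk, BLE_GAP_SEC_KEY_LEN);
    p_enc_info->ltk_len = BLE_GAP_SEC_KEY_LEN; /* offer the full 16-byte key */
    p_enc_info->auth    = 0; /* key was pre-shared, not MITM-authenticated pairing */
    return true;
}

/* Call on BLE_GAP_EVT_CONN_SEC_UPDATE with conn_sec.sec_mode.sm,
 * conn_sec.sec_mode.lv and conn_sec.encr_key_size. Security mode 1 level 1
 * is "no security"; level 2 is unauthenticated encryption, level 3
 * authenticated. The spec allows key sizes from 7 to 16 bytes, so also
 * insist on the full 16 bytes before treating the link as protected. */
bool link_is_encrypted(uint8_t sm, uint8_t lv, uint8_t encr_key_size)
{
    return sm == 1 && lv >= 2 && encr_key_size == BLE_GAP_SEC_KEY_LEN;
}

int main(void)
{
    /* Constructed SEC_INFO_REQUEST from a mesh peer, then the resulting
     * CONN_SEC_UPDATE values, simulated without a radio. */
    ble_gap_master_id_t req = { .ediv = 0x1234,
                                .rand = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 } };
    ble_gap_enc_info_t enc_info;
    bool known = mesh_lookup_ltk(req.ediv, req.rand, &enc_info);
    printf("peer known, LTK loaded: %s (ltk_len=%u)\n", known ? "yes" : "no", enc_info.ltk_len);
    printf("SM1 L2, 16-byte key encrypted: %s\n", link_is_encrypted(1, 2, 16) ? "yes" : "no");
    printf("SM1 L1 (open link) encrypted:  %s\n", link_is_encrypted(1, 1, 16) ? "yes" : "no");
    printf("SM1 L2, 7-byte key accepted:   %s\n", link_is_encrypted(1, 2, 7) ? "yes" : "no");
    return 0;
}
```

On the central side the same mesh_master_id and mesh_ltk values go into the ble_gap_master_id_t and ble_gap_enc_info_t passed to sd_ble_gap_encrypt(), which is what makes the single-key mesh work without any pairing exchange.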
