Tutorial on Connection Encryption

Hello,

I have not found a lot of information on connection encryption. I want to use a preprogrammed Long Term Key in my mesh that is then used to establish subsequent connections. How would I start with this?

And very important: I cannot use the device manager (partly because it does not support peripheral and central at the same time, and partly because I think it is too big for what I need it for).

The message sequence charts did not help me much and I have not found any example that explains security in detail. Neither did I find a tutorial or anything else. Where do I start?

Marius

  • Hi Marius,

    I'm afraid that for now we don't have anything better than the device manager, which you would need to dig into to understand how we handle encryption and security.

    Another option is to look at the ble_app_template in SDK v8.1 or earlier. In this example we don't use the device manager and handle the encryption manually in on_ble_evt(). Bonding is partly supported in the sense that the LTK is distributed but not stored in flash. You can re-encrypt the link, but not after you restart the device.

    You can use one LTK in your mesh, since you control both sides, central and peripheral (the pairing process doesn't need to be performed for every new connection).

    I'm not sure which message sequence chart you looked at, but it's where I would look first if I want to know how something works. I would suggest you look at this one and this one to see how bonding and re-bonding work on the peripheral side.

    For the central side, please have a look at this one and this one.

    Also please have a look at the description of the sd_ble_gap_sec_params_reply function, especially on how p_sec_keyset works in the way that it will be updated with the encryption keys when bonding is done.

    We are planning to have a tutorial on this topic soon. It would be nice if you could give some particular questions that you want the tutorial to cover.

  • That sounds good indeed. I checked the encryption level:

    Connection key is now 16 bytes, level 3, securityMode 1

    And of course, I provided a symmetrical 16-byte custom key on both sides. Is the Rand only used to figure out the key that should be used, or is it used as an initialization vector as well? If not, is the IV generated somewhere in the SoftDevice? I've also tested with a sniffer and got encrypted packets, but I was able to decrypt them by inputting my OOB key into the sniffer.
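The workflow the answer and the follow-up describe (one pre-shared LTK on both sides, the peripheral answering the SoftDevice's key request by EDIV/Rand, and a sniffer that was handed the same key) as an added example in Python. It is not code from the thread, from Nordic's SDK or from the SoftDevice; the EDIV, Rand, LTK and SKD values are constructed, and the AES-128 block cipher is a compact textbook implementation included only so the script runs offline with no third-party packages, not something to ship in firmware.

```python
# Added example (not from the DevZone thread or Nordic's SDK). Models what the
# link layer does with a pre-shared LTK, per Bluetooth Core Spec Vol 6 Part B
# Sec. 5.1.3.1. The AES-128 below is a textbook implementation for offline use
# only; it is not side-channel hardened and must not be used in firmware.

def _gen_sbox():
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = [0] * 256
    p = q = 1                       # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= (q << 1) & 0xFF                                    # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q
        for s in (1, 2, 3, 4):                                  # affine transform
            x ^= ((q << s) | (q >> (8 - s))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                  # 0 has no inverse
    return sbox

SBOX = _gen_sbox()

def _xtime(a):
    """Multiply by x in GF(2^8) with the AES polynomial 0x11B."""
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _mix_column(c):
    t = c[0] ^ c[1] ^ c[2] ^ c[3]
    return [c[i] ^ t ^ _xtime(c[i] ^ c[(i + 1) % 4]) for i in range(4)]

def _expand_key(key):
    """FIPS-197 key schedule: 11 round keys for AES-128."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:              # RotWord, SubWord, Rcon
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r * 4:r * 4 + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    """One AES-128 block encryption; state kept column-major as in FIPS-197."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                   # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]         # ShiftRows
        if rnd < 10:                                               # MixColumns
            s = sum((_mix_column(s[c:c + 4]) for c in range(0, 16, 4)), [])
        s = [b ^ k for b, k in zip(s, rk[rnd])]                    # AddRoundKey
    return bytes(s)

# Constructed key store for a mesh in which every node holds the same LTK.
# EDIV and Rand are public values carried in LL_ENC_REQ; the peripheral uses
# them only to pick the LTK (what BLE_GAP_EVT_SEC_INFO_REQUEST asks for).
MESH_LTK = bytes.fromhex("0f0e0d0c0b0a09080706050403020100")      # constructed
MESH_KEY_ID = (0x1234, bytes.fromhex("0102030405060708"))          # (EDIV, Rand), constructed
KEY_STORE = {MESH_KEY_ID: MESH_LTK}

def select_ltk(key_store, ediv, rand):
    """Peripheral side: which LTK does (EDIV, Rand) name? None means refuse."""
    return key_store.get((ediv, bytes(rand)))

def derive_session_key(ltk, skdm, skds):
    """SK = e(LTK, SKDm || SKDs), most significant octet first (Vol 6 Part B 5.1.3.1)."""
    if len(ltk) != 16 or len(skdm) != 8 or len(skds) != 8:
        raise ValueError("LTK is 16 octets, SKDm and SKDs are 8 octets each")
    return aes128_encrypt_block(ltk, skdm + skds)

def start_encryption(key_store, ediv, rand, skdm, skds):
    """Peripheral handling of LL_ENC_REQ: look up the LTK, then derive SK.
    Returns None when no LTK is known for (EDIV, Rand): the link stays
    unencrypted (sd_ble_gap_sec_info_reply with no enc_info, in SoftDevice terms)."""
    ltk = select_ltk(key_store, ediv, rand)
    if ltk is None:
        return None
    return derive_session_key(ltk, skdm, skds)

if __name__ == "__main__":
    skdm = bytes.fromhex("a1a2a3a4a5a6a7a8")      # constructed, from LL_ENC_REQ
    skds = bytes.fromhex("b1b2b3b4b5b6b7b8")      # constructed, from LL_ENC_RSP
    sk = start_encryption(KEY_STORE, 0x1234, MESH_KEY_ID[1], skdm, skds)
    print("session key:", sk.hex())
    print("unknown key id ->", start_encryption(KEY_STORE, 0x9999, bytes(8), skdm, skds))
    # Anything holding the mesh LTK derives the same SK from the public SKD exchange.
    print("sniffer given the LTK matches:", derive_session_key(MESH_LTK, skdm, skds) == sk)
```

Running it shows what the follow-up observed: Rand and EDIV never enter the cipher, they only select the LTK, and whatever holds that LTK (every node in a mesh that shares one key, or a sniffer that is given it) derives the same session key from the SKDm/SKDs exchange. The per-packet nonce in the real link layer is built from IVm/IVs and the packet counter (Core Spec Vol 6 Part E), not from Rand, and is not modelled here. The defensive consequence of one mesh-wide LTK is that extracting the key from any single node exposes every link, so that key needs the same protection as a root secret.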
