How to set up nrf52833 Security 2 Level 2?

RE: How to set up nrf52833 Security 2 Level 2?

Emil Lenngren — Thu, 23 Jun 2022 07:02:51 GMT

The difference between level 3 and 4 is the use of "LE Secure Connections". If you already know that both devices (central and peripheral) support LESC, then do require the use of LESC during pairing, since the legacy methods are all considered unsecure. If you only intend to communicate with Android, iOS and other "big" operating systems, there is no need to support the legacy methods since these systems have support for LESC since a long time ago.

RE: How to set up nrf52833 Security 2 Level 2?

Mikey — Thu, 23 Jun 2022 00:57:42 GMT

Should I choose level3 or level4 in security mode 1?

RE: How to set up nrf52833 Security 2 Level 2?

Simonr — Fri, 10 Jun 2022 07:07:48 GMT

That is correct. And as Emil suggests, security mode 1 is generally a better security implementation all around.

RE: How to set up nrf52833 Security 2 Level 2?

Emil Lenngren — Fri, 10 Jun 2022 06:30:39 GMT

Can you use security mode 1 instead? It's a much better mode in almost all aspects. Bluetooth SIG recommends to use mode 1 instead of 2.

RE: How to set up nrf52833 Security 2 Level 2?

Mikey — Thu, 09 Jun 2022 11:21:08 GMT

Hi,

That is to say, if I want to use these digital signature functions, I have to change another SDK and change another zephyr os to support these functions.

RE: How to set up nrf52833 Security 2 Level 2?

Simonr — Thu, 09 Jun 2022 11:05:13 GMT

Security mode 2 (or more specifically data signing) is not supported in any of the SoftDevices in the nRF5 SDK. From what I have heard, data signing is in general not very widely used as most phones on the market doesn't support this feature either.

The alternative will be to use the nRF Connect SDK where data signing is supported and should work. The GAP security features in Zephyr are described here, and data signing here in the Zephyr project.

Best regards,

Simon

RE: How to set up nrf52833 Security 2 Level 2?

Mikey — Thu, 09 Jun 2022 03:27:42 GMT

This is currently set by nrf52833, and the phone needs to enter the key.

#define  SEC_PARAM_BOND  1															/**< Perform bonding. */
#define  SEC_PARAM_MITM  1															/**< Man In The Middle protection required. */
#define  SEC_PARAM_LESC  0															/**< LE Secure Connections not enabled. */
#define  SEC_PARAM_KEYPRESS  0														/**< Keypress notifications not enabled. */
#define  SEC_PARAM_IO_CAPABILITIES   BLE_GAP_IO_CAPS_DISPLAY_ONLY					/**< No I/O capabilities. */
#define  SEC_PARAM_OOB  0															/**< Out Of Band data not available. */
#define  SEC_PARAM_MIN_KEY_SIZE  7													/**< Minimum encryption key size. */
#define  SEC_PARAM_MAX_KEY_SIZE  16													/**< Maximum encryption key size. */