How to set up nrf52833 Security 2 Level 2?

Hi,

I looked at some of the questions on the forum and they didn't give me good advice. Currently all I can do is nrf52832 Security 1 Level 4 and nrf52833 Security 1 Level 3. But according to my Bluetooth protocol, the requirement is Security 2 Level 2 on the nrf52833. Are there any good suggestions for finding a proper way to implement it? I use SDK17.1, softdevice s140 7.3.0.

Thank you,

wfagly.

  • This is currently set by nrf52833, and the phone needs to enter the key.

    #define SEC_PARAM_BOND 1 /**< Perform bonding. */
    #define SEC_PARAM_MITM 1 /**< Man In The Middle protection required. */
    #define SEC_PARAM_LESC 0 /**< LE Secure Connections not enabled. */
    #define SEC_PARAM_KEYPRESS 0 /**< Keypress notifications not enabled. */
    #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_DISPLAY_ONLY /**< Display only. */
    #define SEC_PARAM_OOB 0 /**< Out Of Band data not available. */
    #define SEC_PARAM_MIN_KEY_SIZE 7 /**< Minimum encryption key size. */
    #define SEC_PARAM_MAX_KEY_SIZE 16 /**< Maximum encryption key size. */

  • Hi

    Security mode 2 (or more specifically data signing) is not supported in any of the SoftDevices in the nRF5 SDK. From what I have heard, data signing is in general not very widely used, as most phones on the market don't support this feature either.

    The alternative will be to use the nRF Connect SDK where data signing is supported and should work. The GAP security features in Zephyr are described here, and data signing here in the Zephyr project.

    Best regards,

    Simon

  • Hi,

    That is to say, if I want to use these digital signature functions, I have to change to another SDK and to Zephyr OS to support these functions.

  • Can you use security mode 1 instead? It's a much better mode in almost all aspects. Bluetooth SIG recommends using mode 1 instead of 2.

  • That is correct. And as Emil suggests, security mode 1 is generally a better security implementation all around. 
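
As an added example that is not part of any post in this thread: a small C model of how the SEC_PARAM_* values posted above, combined with the phone's pairing parameters, determine the LE security mode 1 level the link reaches. The type and function names are hypothetical, the phone's values are constructed, and the association-model rules are taken from the Bluetooth Core Specification pairing tables rather than from the SoftDevice API.

```c
/* Added example; all names are hypothetical and model Core Spec pairing rules, not the SoftDevice API. */
#include <stdbool.h>
#include <stdio.h>

typedef enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NONE, IO_KEYBOARD_DISPLAY } io_caps_t;

typedef struct {           /* one side's pairing request/response fields */
    bool mitm, lesc, oob;
    io_caps_t io;
    unsigned min_key, max_key;   /* encryption key size in bytes, 7..16 */
} sec_params_t;

static bool has_keyboard(io_caps_t c) { return c == IO_KEYBOARD_ONLY || c == IO_KEYBOARD_DISPLAY; }
static bool can_confirm(io_caps_t c)  { return c == IO_DISPLAY_YESNO || c == IO_KEYBOARD_DISPLAY; }

/* True when the selected association model authenticates the link
 * (passkey entry, numeric comparison or OOB) rather than Just Works. */
bool pairing_is_authenticated(const sec_params_t *a, const sec_params_t *b)
{
    bool lesc = a->lesc && b->lesc;
    /* Legacy pairing needs OOB data on both sides; LESC on at least one. */
    if (lesc ? (a->oob || b->oob) : (a->oob && b->oob)) return true;
    if (!a->mitm && !b->mitm) return false;             /* Just Works */
    if (a->io == IO_NONE || b->io == IO_NONE) return false;
    if (lesc && can_confirm(a->io) && can_confirm(b->io)) return true; /* numeric comparison */
    return has_keyboard(a->io) || has_keyboard(b->io);  /* passkey entry */
}

/* LE security mode 1 level (2..4) reached after pairing, or 0 if the
 * negotiated key size is below either side's minimum and pairing fails. */
int mode1_level_after_pairing(const sec_params_t *a, const sec_params_t *b)
{
    unsigned key = a->max_key < b->max_key ? a->max_key : b->max_key;
    if (key < a->min_key || key < b->min_key) return 0;
    if (!pairing_is_authenticated(a, b)) return 2;
    return (a->lesc && b->lesc && key == 16) ? 4 : 3;
}

int main(void)
{
    /* Peripheral values from the SEC_PARAM_* block above; phone values are constructed. */
    sec_params_t dev   = { true, false, false, IO_DISPLAY_ONLY, 7, 16 };
    sec_params_t phone = { true, true,  false, IO_KEYBOARD_DISPLAY, 7, 16 };
    printf("SEC_PARAM_LESC 0 -> mode 1 level %d\n", mode1_level_after_pairing(&dev, &phone));
    dev.lesc = true;
    printf("SEC_PARAM_LESC 1 -> mode 1 level %d\n", mode1_level_after_pairing(&dev, &phone));
    return 0;
}
```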
