https://devzone.nordicsemi.com/f/nordic-q-a/91176/ble-sequence-of-characteristic-discovery-and-read-with-and-without-pairing-bondingI&#39;m trying to read the CTS characteristic from a BLE server (an iOS device) and part of the requirement from Apple is that the server and client be paired and bonded before the CTS information is available. What I&#39;m trying to establish is the chainen-USTelligent Community 13Fri, 30 Sep 2022 07:44:01 GMThttps://devzone.nordicsemi.com/thread/388675?ContentTypeID=1Fri, 30 Sep 2022 07:44:01 GMT137ad170-7792-4731-bb38-c0d22fbe4515:09901c5e-24a6-42f0-a1f7-3e0a6c1b6751Hung Bui<p>Hi Mike,&nbsp;</p> <p>Sorry for the late response. I haven&#39;t fully tested&nbsp;<span>CONFIG_BT_KEYS_OVERWRITE_OLDEST but from what I can see in the code it seems that the oldest bond (most aged) will get removed automatically by&nbsp;</span>bt_unpair() in keys.c :&nbsp;<br />&nbsp;<img style="max-height:589px;max-width:572px;" height="589" src="https://devzone.nordicsemi.com/resized-image/__size/1144x1178/__key/communityserver-discussions-components-files/4/pastedimage1664523495045v1.png" width="572" alt=" " /></p> <p>Have you tried to test by just enabling&nbsp;<span>CONFIG_BT_KEYS_OVERWRITE_OLDEST&nbsp; ?&nbsp;</span></p> <p></p> <p>Regarding your question about having the central remove bond but the bond remains on the peripheral, it&#39;s about security requirement. There is a risk that an attacker can spoof that it&#39;s the central and request a new bond. So usually it&#39;s not allowed to request a new bond from a bonded central.&nbsp;<br />You will need to handle it with some extra security requirement, for example a physical button to erase all bonds (or single bond) , and you can call bt_unpair() in the code. In nRF5 SDK we have the allow_repair option, but I haven&#39;t seen the same option in Zephyr.&nbsp;<br />But it&#39;s possible to allow repair if it&#39;s JustWork pairing, you can use this config:&nbsp;<a href="https://docs.zephyrproject.org/3.0.0/reference/kconfig/CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE.html">CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE</a></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/388442?ContentTypeID=1Thu, 29 Sep 2022 01:09:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8454d5f2-2a05-463a-ad75-d34ed14a1873Mike Austin (LPI)<p>OK, sorted it.&nbsp; <span>CONFIG_BT_MAX_PAIRED was set to 1.&nbsp; Just increased that to 5 (I have 8192 bytes of flash storage for bonding/pairing info, so could potentially increase that a fair bit more) and I can get my peripheral to correctly grab the CTS from multiple clients now.</span></p> <p><span>I now want to ensure I don&#39;t end up hitting the limit of CONFIG_BT_MAX_PAIRED, so want to check the actual number of centrals paired at any given moment, and start removing earlier ones (or just wiping the whole lot clean) to keep below the limit.</span></p> <p><span></span></p> <p>There appears to be a config setting&nbsp;<span>CONFIG_BT_KEYS_OVERWRITE_OLDEST that if enabled, should allow the system to overwrite the oldest bonding/pairing info when it hits the&nbsp;CONFIG_BT_MAX_PAIRED limit. I can see a bunch of API&#39;s in keys.c that manage the overwriting, but its not clear how I get these to be implemented.&nbsp; Is this something the code takes care of by simply setting&nbsp;CONFIG_BT_KEYS_OVERWRITE_OLDEST=y?&nbsp; Or do I actually need to be calling those API&#39;s within my own code to manage the BT keys?</span></p> <p><span>I&#39;m also trying to deal with the scenario where a central deletes the bonding information but this still remains within the peripheral.&nbsp; At the moment, my code fails to work correctly if this happens, so I need someway of detecting this (I think its when I get a Reason 4 return from my pairing_failed() function.</span></p> <p><span>Cheers,</span></p> <p><span>Mike</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/388438?ContentTypeID=1Wed, 28 Sep 2022 23:46:18 GMT137ad170-7792-4731-bb38-c0d22fbe4515:732bb98d-faf3-4ad2-9165-8a0c04d56411Mike Austin (LPI)<p>Hi Hung,</p> <p>I&#39;ve been doing a bit more development work on the CTS functionality.&nbsp; Your suggestion above seems to work, but only if I am accessing my peripheral with the same client.</p> <p>If I introduce a new client, then the whole bonding/pairing scenario for the new client doesn&#39;t appear to be functioning as I would expect, and my code jumps into attempting to grab the CTS info without bonding/pairing to the new client.&nbsp; And this ultimately fails.</p> <p>Any ideas how I can check within my code whether my peripheral has paired/bonded with a specific client, and if not, set up a new pairing/bonding with that client?</p> <p>Cheers,</p> <p>Mike</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/386473?ContentTypeID=1Thu, 15 Sep 2022 23:15:01 GMT137ad170-7792-4731-bb38-c0d22fbe4515:73305a0e-f393-40a3-a2a3-e844a13100a9Mike Austin (LPI)<p>Hi Hung,</p> <p>Yep - using NCS V2.0.0, so your suggestion worked.&nbsp; Thanks for your help</p> <p>Cheers,</p> <p>Mike</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/382690?ContentTypeID=1Mon, 22 Aug 2022 12:57:00 GMT137ad170-7792-4731-bb38-c0d22fbe4515:767f0751-989f-48f5-8630-6ae614becb86Hung Bui<p>Hi Mike,&nbsp;</p> <p>Could you let me know which SDK version you are using ?&nbsp;<br />If you are using NCS v2.0.x you can have a look at the periphera_uart example.&nbsp;<br />In the example, if you enable&nbsp;CONFIG_BT_NUS_SECURITY_ENABLED, you can find that:</p> <p>- On the first bond, after the&nbsp;bonding is finished, you will receive&nbsp;pairing_complete() call back.&nbsp;</p> <p>- On reconnection to a bonded device, you will not receive&nbsp;pairing_complete() but instead receive&nbsp;security_changed() call back. Note that <span>security_changed belong to&nbsp;</span>conn_callbacks when the&nbsp;<span>pairing_complete() belongs to&nbsp;conn_auth_info_callbacks</span></p><div style="clear:both;"></div>