
encryption problem

How do I set up encryption on the nRF51822? Do I need to set

 sd_ble_gap_sec_params_reply(m_conn_handle, BLE_GAP_SEC_STATUS_SUCCESS, &m_sec_params, &sec_keyset) 

the fourth parameter in this function? What's the value for this parameter?

Thanks for your kind reply. Best Regards

  • Do you want to pair or bond?

    This is normally an output, so:

    If you want to pair, you can set the value to NULL.

    If you want to bond you need to provide a pointer to a ble_gap_sec_keyset_t security keyset structure. Any keys distributed as a result of the ongoing security procedure will be stored into the memory referenced by the pointers inside this structure. The keys will be stored and available to the application upon reception of a BLE_GAP_EVT_AUTH_STATUS event.

  • Hi Petter, can you please elaborate on this answer?

    Precisely, if a Central wants to bond to a Peripheral, then the Central will provide a p_sec_keyset pointer and set p_sec_params to NULL on ble_gap_sec_params_reply().

    1. Does the softdevice generate the STK (short term key) internally?
    2. The application does not take care of key generation, correct?
    3. Are Phase 2 (STK Generation) and 3 (key distribution) opaque to the application?

    Once bonding is done, an encrypted connection can be established using p_sec_keyset
    according to Message Sequence Chart > Central Security Procedures > Encryption Establishment using stored keys, is this correct?

    thx

  • Hi Darrew,

    sd_ble_gap_sec_params_reply() is used on both sides, central and peripheral. p_sec_keyset is provided to the softdevice, so that the softdevice can send the encryption key (LTK, not STK) and id data back to the application.

    1. The STK will be generated depending on the pairing method used: Just Works, passkey or OOB. It's the softdevice that generates it, but based on the information provided by the application, for example passkey or OOB data.

    2. If you are talking about Legacy pairing, then that's correct. It's the softdevice that takes care of it. With LE Secure Connections, the application is in charge of generating the DHKey.

    3. Correct. The application calls sd_ble_gap_sec_params_reply() and waits for the BLE_GAP_EVT_AUTH_STATUS event to store the key into flash for future use. Have a look here.

    4. Yes, it's correct.
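
The flow described in the answers above (pass a keyset as the fourth argument of sd_ble_gap_sec_params_reply(), then store the key on BLE_GAP_EVT_AUTH_STATUS), as an added example that is not code from this thread or from Nordic. It is a host-compilable model of the peripheral side: the types, `SEC_STATUS_SUCCESS` and the `m_flash_bond` record are simplified stand-ins for the real `ble_gap.h` structures and flash storage, and requiring a 16-byte LTK is an assumed policy.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins so this compiles off-target; on the device the real
   definitions come from ble_gap.h (check the field names in your version). */
typedef struct { uint8_t ltk[16]; uint8_t ltk_len; } enc_key_t;
typedef struct { enc_key_t *p_enc_key; } sec_keys_t;
typedef struct { sec_keys_t keys_own; sec_keys_t keys_peer; } sec_keyset_t;
typedef struct { uint8_t auth_status; bool bonded; } auth_status_evt_t;
#define SEC_STATUS_SUCCESS 0x00

/* The stack writes the keys later, when pairing completes, so the buffers
   are static: a keyset built from handler locals would dangle by then. */
static enc_key_t m_own_enc, m_peer_enc;
static sec_keyset_t m_keyset;
static enc_key_t m_flash_bond;   /* stand-in for persistent bond storage */
static bool m_bond_stored;

/* On the security-parameters request: the returned pointer is what goes in
   as the fourth argument of sd_ble_gap_sec_params_reply(). */
const sec_keyset_t *keyset_prepare(void)
{
    memset(&m_own_enc, 0, sizeof m_own_enc);
    memset(&m_peer_enc, 0, sizeof m_peer_enc);
    m_keyset.keys_own.p_enc_key = &m_own_enc;
    m_keyset.keys_peer.p_enc_key = &m_peer_enc;
    return &m_keyset;
}

/* On the auth-status event: persist only a successful bond with a
   full-length key, and clear the RAM buffers whatever the outcome. */
bool on_auth_status(const auth_status_evt_t *evt)
{
    bool ok = evt->auth_status == SEC_STATUS_SUCCESS && evt->bonded
              && m_own_enc.ltk_len == 16;
    if (ok) { m_flash_bond = m_own_enc; m_bond_stored = true; }
    memset(&m_own_enc, 0, sizeof m_own_enc);
    memset(&m_peer_enc, 0, sizeof m_peer_enc);
    return ok;
}

int main(void)
{
    const sec_keyset_t *ks = keyset_prepare();
    memset(ks->keys_own.p_enc_key->ltk, 0xA5, 16);   /* constructed LTK */
    ks->keys_own.p_enc_key->ltk_len = 16;
    auth_status_evt_t evt = { SEC_STATUS_SUCCESS, true };
    return on_auth_status(&evt) ? 0 : 1;
}
```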
