
CC2652R7: Correct secure access to characteristics

Part Number: CC2652R7
Other Parts Discussed in Thread: SYSCONFIG

Hello
I am developing an application based on the multirole example. I want to configure incoming connections so that each time a passcode is required. To do this, I set the GAPBOND_PAIRING_MODE_INITIATE parameter. Everything seems to work fine, but there is one remark.
I am checking the work using the nRF connect application on iOS. When connecting, I really have to enter a passcode, but in the background I see that the application has already received information about the characteristics. I also have my own application on Android that connects to my device BUT for some reason it is possible to read / write to the characteristics without entering a passcode.

The question is, how to correctly configure the device so as not to allow reading / writing to the characteristics until I enter the correct passcode?

Maybe I did not configure something correctly?

Or is the only way to protect against writing without a passcode to configure the characteristics with the GATT_PERMIT_AUTHEN_WRITE / GATT_PERMIT_AUTHEN_READ parameters?

  • Hello Nick,

    Thanks for reaching out.

    Could you please show me how GATT_PERMIT_AUTHEN_READ and GATT_PERMIT_AUTHEN_WRITE are being used / how the GATT table is configured? In addition, what are your bond manager settings in SysConfig?

    BR,

    David.

  • Hi

    I don't have the opportunity to take a photo of SysConfig, but I'm attaching what I use in the program; it looks like this is what I need.
    I am also attaching how I configure the service. It is not entirely clear whether something needs to be changed in simpleProfileChar5Props?

  • Hello Nick,

    Have you paired/bonded before, or is this the first connection and first pair/bond? Could you please try using GATT_PERMIT_ENCRYPT_READ and GATT_PERMIT_ENCRYPT_WRITE instead? I just want to see if this works for you (it should ask you to pair and bond when you try to read the characteristic).

    BR,

    David.

  • Hi
    I assume that this is not the first pairing. Bonding, as I see, is disabled. Therefore, with each new connection, I am asked for a password.
    I tried to do as you said. I tested it in the nRF Connect application on an old Android phone (version 7.1.2). The result is similar to when using GATT_PERMIT_AUTHEN_WRITE / GATT_PERMIT_AUTHEN_READ. That is, I am asked to enter a password and only after that can I see / read the characteristics.
    I do not really understand the difference in these settings, since the behavior is the same.

    PS

    The issue is not quite resolved because I accidentally pressed the wrong button

  • Hello Nick,

    Sorry, I do not understand. You mention that the result is similar when using the AUTHEN one, but then how is it that this time you cannot read the characteristic without entering the password?

    That is, I am asked to enter a password and only after that I can see / read the characteristics.

    BR,

    David.

  • Hi

    1. When I use GATT_PERMIT_READ/GATT_PERMIT_WRITE, it seems to me that I can read and write to the characteristics inside my user service regardless of whether I have already entered the passcode or not (after the request of the other party).
    2. If I set GATT_PERMIT_AUTHEN_WRITE / GATT_PERMIT_AUTHEN_READ in the characteristics then I cannot access my service and the characteristics inside until I enter the correct passcode.
    3. If I set GATT_PERMIT_AUTHEN_READ and GATT_PERMIT_AUTHEN_WRITE as you said, then my behavior is similar to case #2. Should the device behave differently?

  • Hello Nick,

    Sorry, I think I misunderstood your question here. So, yes, setting the characteristics with properties GATT_PERMIT_AUTHEN_WRITE / GATT_PERMIT_AUTHEN_READ or even GATT_PERMIT_ENCRYPT_READ and GATT_PERMIT_ENCRYPT_WRITE is the way of protecting the characteristic from unwanted users. In the latter case, the data is encrypted when it is shared.

    BR,

    David.
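To make the three cases Nick lists above and David's explanation concrete, the following is an added model of the per-request permission check a GATT server performs. It is example code written for this thread, not TI BLE-Stack code and not something either participant posted. The macro names mirror the TI gatt.h permission bits and the Bluetooth ATT error codes, but their values, the `link_state_t` type and the `check_read`/`check_write` functions are assumptions defined here so the file compiles on its own. It shows why AUTHEN and ENCRYPT permissions look identical when pairing uses a passkey (the link is both encrypted and authenticated, so both pass), and where they differ: under Just Works pairing the link is encrypted but not MITM-protected, so ENCRYPT permissions pass while AUTHEN permissions are refused. Note that these bits only guard reads and writes of the value; the attribute table itself can still be discovered over an unencrypted link, which is what the nRF Connect log on iOS shows.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Permission bits for a GATT attribute. Names follow the TI BLE-Stack
 * gatt.h macros; the values are assumed here so the model builds
 * without the SDK headers. */
#define GATT_PERMIT_READ          0x01
#define GATT_PERMIT_WRITE         0x02
#define GATT_PERMIT_AUTHEN_READ   0x04
#define GATT_PERMIT_AUTHEN_WRITE  0x08
#define GATT_PERMIT_ENCRYPT_READ  0x40
#define GATT_PERMIT_ENCRYPT_WRITE 0x80

/* ATT error codes from the Bluetooth Core Specification. */
#define ATT_SUCCESS                  0x00
#define ATT_ERR_READ_NOT_PERMITTED   0x02
#define ATT_ERR_WRITE_NOT_PERMITTED  0x03
#define ATT_ERR_INSUFFICIENT_AUTHEN  0x05
#define ATT_ERR_INSUFFICIENT_ENCRYPT 0x0F

/* Security state of the link a request arrives on (model, not stack API). */
typedef struct {
    bool encrypted;      /* link encryption is on (any pairing method)     */
    bool authenticated;  /* key came from MITM-protected pairing (passkey) */
} link_state_t;

/* Constructed link states matching the situations in the thread. */
static const link_state_t LINK_PLAIN     = { false, false }; /* no pairing yet     */
static const link_state_t LINK_JUSTWORKS = { true,  false }; /* Just Works pairing */
static const link_state_t LINK_PASSKEY   = { true,  true  }; /* passcode entered   */

/* Decide whether a read of an attribute with permission bits `perms` is
 * allowed on `link`. Any of the three read bits makes the value readable;
 * AUTHEN additionally needs an authenticated link, ENCRYPT an encrypted one. */
uint8_t check_read(uint8_t perms, link_state_t link) {
    if (!(perms & (GATT_PERMIT_READ | GATT_PERMIT_AUTHEN_READ | GATT_PERMIT_ENCRYPT_READ)))
        return ATT_ERR_READ_NOT_PERMITTED;
    if ((perms & GATT_PERMIT_AUTHEN_READ) && !link.authenticated)
        return ATT_ERR_INSUFFICIENT_AUTHEN;
    if ((perms & GATT_PERMIT_ENCRYPT_READ) && !link.encrypted)
        return ATT_ERR_INSUFFICIENT_ENCRYPT;
    return ATT_SUCCESS;
}

/* Same decision for a write request. */
uint8_t check_write(uint8_t perms, link_state_t link) {
    if (!(perms & (GATT_PERMIT_WRITE | GATT_PERMIT_AUTHEN_WRITE | GATT_PERMIT_ENCRYPT_WRITE)))
        return ATT_ERR_WRITE_NOT_PERMITTED;
    if ((perms & GATT_PERMIT_AUTHEN_WRITE) && !link.authenticated)
        return ATT_ERR_INSUFFICIENT_AUTHEN;
    if ((perms & GATT_PERMIT_ENCRYPT_WRITE) && !link.encrypted)
        return ATT_ERR_INSUFFICIENT_ENCRYPT;
    return ATT_SUCCESS;
}

static const char *describe(uint8_t err) {
    switch (err) {
    case ATT_SUCCESS:                  return "allowed";
    case ATT_ERR_READ_NOT_PERMITTED:   return "read not permitted";
    case ATT_ERR_WRITE_NOT_PERMITTED:  return "write not permitted";
    case ATT_ERR_INSUFFICIENT_AUTHEN:  return "insufficient authentication";
    case ATT_ERR_INSUFFICIENT_ENCRYPT: return "insufficient encryption";
    default:                           return "other error";
    }
}

/* Print how each permission choice behaves on each link state. */
int main(void) {
    struct { const char *name; uint8_t perms; } chars[] = {
        { "READ|WRITE           ", GATT_PERMIT_READ | GATT_PERMIT_WRITE },
        { "AUTHEN_READ|AUTHEN_WR", GATT_PERMIT_AUTHEN_READ | GATT_PERMIT_AUTHEN_WRITE },
        { "ENCRYPT_READ|ENC_WR  ", GATT_PERMIT_ENCRYPT_READ | GATT_PERMIT_ENCRYPT_WRITE },
    };
    struct { const char *name; link_state_t link; } links[] = {
        { "no pairing ", LINK_PLAIN }, { "Just Works ", LINK_JUSTWORKS }, { "passkey    ", LINK_PASSKEY },
    };
    for (size_t c = 0; c < 3; c++)
        for (size_t l = 0; l < 3; l++)
            printf("%s on %s: read %s, write %s\n", chars[c].name, links[l].name,
                   describe(check_read(chars[c].perms, links[l].link)),
                   describe(check_write(chars[c].perms, links[l].link)));
    return 0;
}
```

Running it prints one line per permission/link combination; the rows for the passkey link are identical for AUTHEN and ENCRYPT, which is the behaviour Nick observed, while the Just Works row is the one that separates them.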

  • Ok. thanks for help!