• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Subscribers 50 subscribers
  • Views 952 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

what is difference the key being used during bonding process and encryption/decryption process for general data of a characteristic?

Ji-won Lee
Genius 3630 points
Other Parts Discussed in Thread: AES-128

 Hi TI engineers & Forum members,

I am trying to add the encryption and decryption using AES-128. It will encrypt a specific characteristic buffer before sending to iOS device or decrypt it after receiving from iOS device.

So, I have read some documents and talkings from here and downloaded some reference source code.

It seems that LL_Encrypt() and LL_EXT_decrypt() API are enough for me to add the feature.

I checked that the above APIs work well.

By the way, I have a question about the key.

Source code and Sniffer manual mention about it simply using 16 bytes buffer with character type. Also, Its values could have any values. my understanding is right?

If yes, is this above key different from the key (LTK) value being exchanged with iOS device during pairing and bonding process?

If the key is the same, the exchanging process is being managed by BT stack itself internally? right?

As reference, I assigned a property with GATT_PERMIT_AUTHEN_READ and enabled bonding manager.

So, through this, authentication operation and bonding process work well and I saw the tranactions are hidden from the sniffer.

Thanks in advance for your kind explanations.

John

  • 0
    TI__Mastermind 34660 points

    Are you simply trying to encrypt and decrpyt over-the-air data?  When devices are paired and/or bonded, the stack automatically does this for you.

    If you are trying to do some type of application-level en/decrypting, then yes, those are the two API's you should use.  In this case, you are free to choose any key to use for encryption.  You can choose the LTK if you want but I'm not sure this adds any security since this key is already being used to encrypt the link.

    Note that authentication (GATT_PERMIT_AUTHEN_READ) is different from encryption (GATT_PERMIT_ENCRYPT_READ).  Authentication means an out-of-band method (such as entering a passcode) was used to generate the session keys. The general security process is:

    1. pair (exchange security capablities and preferences)
    2. if agreed upon in step 1, perform authentication using an out-of-band key exchange. otherwise, transfer keys over-the-air (just-works)
    3. using the keys from step 2, encrypt the link
    4. if bonding is desired, store the long-term-keys in flash

    This is further explained in the Bluetooth Core Spec.

  • 0 in reply to Tim C
    Genius 3630 points

    Thanks Tim,

    We decided not to use application-level encryption/decryption as BT stack automatically does it.

    Thanks again,

    John