
Pairing key is not requested upon connect but only when accessing secure characteristic

Open nelfata opened this issue 2 years ago • 6 comments

Is it possible to know if this is a feature or a bug? Trying to establish a connection between ESP32 and NRFConnect (iPhone), the passkey is only requested to be entered when accessing the characteristic. Typically, it should be prompted upon establishing a connection.

NimBLEDevice::setSecurityAuth(true, true, true);
NimBLEDevice::setSecurityPasskey(pin);
NimBLEDevice::setSecurityIOCap(BLE_HS_IO_DISPLAY_ONLY);

Please advise. Thanks.

nelfata avatar Apr 16 '23 16:04 nelfata

This is how BLE works, unlike Bluetooth Classic. Here we can have devices that have some data secured and other data not secure. What you can do if you want to force a secure connection is call NimBLEDevice::startSecurity from the onConnect callback.

h2zero avatar Apr 16 '23 23:04 h2zero

Ok that's great, that's what I was looking for. Thank you.

By the way how to get conn_id on the server? (required by startSecurity())

nelfata avatar Apr 16 '23 23:04 nelfata

I'm not sure, but with the bluedroid version it is possible to force pin pairing on connection with a security option. One of these, with a specific option, but I don't remember which one: https://github.com/nkolban/esp32-snippets/blob/master/cpp_utils/tests/BLETests/security/SampleClient_authentication_passkey.cpp#L72 https://github.com/nkolban/esp32-snippets/blob/master/cpp_utils/tests/BLETests/security/SampleClient_authentication_passkey.cpp#L68

chegewara avatar Apr 17 '23 05:04 chegewara

Thanks for the feedback. Those links show the client side.

nelfata avatar Apr 17 '23 23:04 nelfata

Security is not client nor server side, it's GAP, so it's "device side".

chegewara avatar Apr 17 '23 23:04 chegewara

Sorry, I am no expert in BLE. I see that the security is based on the characteristic settings and not on the service nor the device. I am trying to have the server not allow a connection to be established until the PIN is entered by the client (as an example).

nelfata avatar Apr 18 '23 13:04 nelfata

> Sorry, I am no expert in BLE. I see that the security is based on the characteristic settings and not on the service nor the device. I am trying to have the server not allow a connection to be established until the PIN is entered by the client (as an example).

This was answered earlier: in the onConnect callback you need to call NimBLEDevice::startSecurity; the connection ID is provided by the callback parameter.

h2zero avatar Jun 04 '24 22:06 h2zero
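
The approach described in the replies above, as an added example sketch that is not code from the thread or from the NimBLE-Arduino project: security is requested from onConnect using the handle in the callback's descriptor, and a peer whose link does not end up encrypted and authenticated is disconnected. It assumes the NimBLE-Arduino 1.4.x callback signatures (later major versions pass a different connection-info type); the device name, UUIDs and passkey are constructed sample values.

```arduino
#include <NimBLEDevice.h>

// Constructed sample values, not taken from the thread.
static const uint32_t PASSKEY   = 123456;
static const char*    SVC_UUID  = "0000aaaa-0000-1000-8000-00805f9b34fb";
static const char*    CHAR_UUID = "0000bbbb-0000-1000-8000-00805f9b34fb";

// Assumes the 1.4.x NimBLEServerCallbacks signatures; `override` makes the
// build fail loudly if the installed library version uses different ones.
class ServerCallbacks : public NimBLEServerCallbacks {
    void onConnect(NimBLEServer* pServer, ble_gap_conn_desc* desc) override {
        // The connection ID comes from the callback parameter.
        // Request pairing/encryption now, not on first secured access.
        NimBLEDevice::startSecurity(desc->conn_handle);
    }

    void onAuthenticationComplete(ble_gap_conn_desc* desc) override {
        // Passkey entry with MITM requested: require both flags.
        if (!desc->sec_state.encrypted || !desc->sec_state.authenticated) {
            NimBLEDevice::getServer()->disconnect(desc->conn_handle);
        }
    }
};

void setup() {
    NimBLEDevice::init("secure-demo");
    NimBLEDevice::setSecurityAuth(true, true, true);  // bonding, MITM, secure connections
    NimBLEDevice::setSecurityPasskey(PASSKEY);
    NimBLEDevice::setSecurityIOCap(BLE_HS_IO_DISPLAY_ONLY);

    NimBLEServer* server = NimBLEDevice::createServer();
    server->setCallbacks(new ServerCallbacks());

    NimBLEService* svc = server->createService(SVC_UUID);
    // Keep the attribute permissions: they are enforced per access by the
    // stack, independent of whether the on-connect request succeeds.
    NimBLECharacteristic* chr = svc->createCharacteristic(
        CHAR_UUID,
        NIMBLE_PROPERTY::READ | NIMBLE_PROPERTY::READ_ENC | NIMBLE_PROPERTY::READ_AUTHEN);
    chr->setValue("secret");
    svc->start();

    NimBLEAdvertising* adv = NimBLEDevice::getAdvertising();
    adv->addServiceUUID(SVC_UUID);
    adv->start();
}

void loop() {}
```

Requesting security on connect changes when the passkey prompt appears; access control to the data still rests on the READ_ENC/READ_AUTHEN permissions of each characteristic.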