Connection Setup using Encryption and Bond Entry

aglier

Hello,

I'm using CYBT-343026 with EZSerial to communicate to a peripheral device over BLE.

I have a few questions regarding Bonding / Encryption.

I have a peripheral device that allows bonding only under certain circumstances (e.g. the charger was connected recently).

Now I set up a connection and pair to the device, and I'm also using bonding to store the exchanged keys in the module.

After a certain amount of time, the peripheral device will not allow any more pairing but all bonded devices can still connect.

When I connect to the device, I can see all characteristics etc. but I'm not allowed to access them as they are protected by encryption.

So far so good.

By sniffing the Bluetooth traffic with Wireshark, I can see that there is no encryption set up.

Even though a bonding entry exists (checked with command query bonds), it seems as if the CYBT module is not triggering the encryption setup, and therefore I won't be able to access the protected characteristics.

Is there a way to explicitly start encryption after a device is connected?

 

PS: attached you will find the wireshark log that shows the connection setup

 

Best regards

Alex

BragadeeshV

Hi @aglier,

Usually, it is the central device that sends the start encryption request in case the peer peripheral device is bonded. Can you try sending an smp_pair request after connection?

Regards,
Bragadeesh

aglier

Hi,

The central device in this case should be the device that offers the GATT service, right?

So my peripheral device is the GATT central?

I just want to be sure 🙂

If I use smp_pair I will see a "Pairing not supported" entry in Wireshark which is correct as the device is only connectable and not bondable in this state.

So pairing again seems not to be a solution.

 

Best regards

Alex

BragadeeshV

Hi @aglier ,

The GAP Central device is the master of the connection that sends the connection request, initiates a pairing procedure or starts encryption. Optionally, the peripheral device (or slave) can send a security request to the master.

The GATT server and client roles depend on who has the data and who requests the data, irrespective of their GAP roles mentioned above.

> If I use smp_pair I will see a "Pairing not supported" entry in Wireshark which is correct as the device is only connectable and not bondable in this state.
>
> So pairing again seems not to be a solution.

I'm not sure if I understand this. Pairing is the process by which we can start encryption.

Can you please explain your use case in more detail maybe with flowcharts or complete terminal logs? Also what is your peer central device?

Regards,
Bragadeesh

aglier

Sorry for the confusion.

 

In our case we are developing a USB dongle that uses the CYBT-343026 to establish a connection to a device.

When the device is in a bondable state (e.g. after unplugging the charger) the dongle will connect to the device and pair afterwards (including bonding).

That all works just perfect. I can see the bonding list entry in the CYBT module.

Now if the device changes into "connectable state" it will refuse any pairing attempts as it will only allow connections to already known/paired devices.

Now when I try to connect to the device in this "connectable state" I should not need to pair again.

But what happens is that I cannot write to the GATT characteristics of the device due to "insufficient authentication" (gattc_write_response Result=0x605).

So I was wondering if this authentication will be sufficient if the encryption is enabled (e.g. by initiating it after connect).

So, as I am the GAP central device, I should be responsible for enabling the encryption, right?

I was always assuming that this is done automatically when a bonding entry exists. But I can't see any encryption-related packages in Wireshark.

 

Is there a command that starts an encrypted connection by using the existing bond entries?

 

In another EZSerial document for another module (4830XX) I found that there is a sec_action_type parameter for the smp_pair command that encrypts the link using the current key. That sounds like what I'm looking for... however, there is no such parameter in my documentation.

 

Best regards

Alex

BragadeeshV

Hi @aglier , Thanks for the clarification. I don't see a command to start encryption from the central side for previously bonded devices. I'm checking with the FW team if this is possible. We appreciate your patience.

Regards,
Bragadeesh

BragadeeshV

Hi @aglier ,

This seems to be a limitation in the EZ-Serial FW: it cannot start encryption for previously bonded devices. We highly recommend that you evaluate the AIROC BTSDK, which has several APIs for supporting complete (or more) BT features.

https://infineon.github.io/btsdk-docs/BT-SDK/index.html

Check out our examples on GitHub for getting started.

If you still want to use the EZ-Serial FW on your product, we recommend that you contact your local sales representative to create a FW enhancement request. Considering the RAM limitation on this product, it might be difficult to add new features to this FW. Therefore, it may be added based on priority.

Regards,
Bragadeesh

aglier

Hi @BragadeeshV ,

Thank you for your answer.

It is sad to hear that it is not possible.

I wonder if this is not something rather standard, to use the existing bonding for encryption... as this is the only reason for bonding, right?

 

Anyway, we will look into AIROC BTSDK.

Thanks again

Alex

BragadeeshV

Hi @aglier, Bonding in the EZ-Serial FW is implemented for the peripheral role and not for the central role. We recommend that you evaluate BTSDK for more features.

Regards,
Bragadeesh
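
Added example (not part of any post in this thread and not Infineon code): a Python check over decoded sniffer events that separates the case discussed above, a bonded central that never starts link-layer encryption, from a peripheral that simply refuses new pairing. The event tuples, finding names and both traces are constructed for illustration; the opcode values are those of the Bluetooth Core Specification.

```python
# Opcodes from the Bluetooth Core Specification (LL control, SMP, ATT).
LL_ENC_REQ, LL_ENC_RSP, LL_START_ENC_REQ = 0x03, 0x04, 0x05
SMP_PAIRING_REQ, SMP_PAIRING_FAILED = 0x01, 0x05
SMP_PAIRING_NOT_SUPPORTED = 0x05            # reason code in Pairing Failed
ATT_ERROR_RSP = 0x01
ATT_SECURITY_ERRORS = {0x05: "insufficient authentication",
                       0x0F: "insufficient encryption"}

def diagnose(events, bond_exists):
    """Classify one connection from (layer, opcode, detail) sniffer events.

    bond_exists: True if the central holds a bond entry for this peer.
    Returns an ordered list of findings without duplicates.
    """
    enc_requested = encrypted = False
    findings = []

    def note(tag):
        if tag not in findings:
            findings.append(tag)

    for layer, opcode, detail in events:
        if layer == "LL" and opcode == LL_ENC_REQ:
            enc_requested = True            # central offers its stored key
        elif layer == "LL" and opcode == LL_START_ENC_REQ and enc_requested:
            encrypted = True                # peripheral accepted the key
        elif (layer, opcode, detail) == ("SMP", SMP_PAIRING_FAILED,
                                         SMP_PAIRING_NOT_SUPPORTED):
            note("pairing-refused")         # peer is not in a bondable state
        elif layer == "ATT" and opcode == ATT_ERROR_RSP \
                and detail in ATT_SECURITY_ERRORS:
            if encrypted:
                note("att-denied-on-encrypted-link")
            elif bond_exists and not enc_requested:
                note("bonded-but-encryption-never-started")
            else:
                note("att-denied-on-plaintext-link")
    return findings

# Constructed trace: reconnection to a non-bondable peer, no LL_ENC_REQ sent.
RECONNECT = [("ATT", ATT_ERROR_RSP, 0x05), ("SMP", SMP_PAIRING_REQ, None),
             ("SMP", SMP_PAIRING_FAILED, 0x05), ("ATT", ATT_ERROR_RSP, 0x05)]
# Constructed trace: central re-encrypts with the stored key after connecting.
HEALTHY = [("LL", LL_ENC_REQ, None), ("LL", LL_ENC_RSP, None),
           ("LL", LL_START_ENC_REQ, None)]

if __name__ == "__main__":
    print(diagnose(RECONNECT, bond_exists=True))
    print(diagnose(HEALTHY, bond_exists=True))
```

Once encryption starts, a sniffer without the link key cannot decode later ATT traffic, which is why the second trace ends at LL_START_ENC_REQ.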