Emill / node-ble-host

A Bluetooth Low Energy host implementation for Node.js
ISC License

Question - encryption options over GATT #8

Open PhantomRay opened 2 years ago

PhantomRay commented 2 years ago

Hi @Emill Now I have successfully implemented a Flutter mobile GATT client and ble-host GATT server. It works as expected and seems very stable. Thank you for the wonderful library.

In regards to security, is there anything I can do to encrypt the data packet? Any built-in capability I can use? Currently there is no pairing needed; however, when the client connects, it does send an auth token for the server to validate.

Scoutzknifez commented 2 years ago

Furthermore, an example using the "encryption" value for characteristic.readPerm would be amazing to see on the README.

I am trying to do some sort of security / encryption without pairing the devices.

Emill commented 2 years ago

Hi. I'll see if I can add some more examples when I have time.

But basically BLE connections need to be paired/bonded in order to start encryption, otherwise the connection will be unencrypted.

Assuming you use this library as a peripheral and you use a smartphone as central, you can either just call https://developer.android.com/reference/android/bluetooth/BluetoothDevice#createBond() on Android, or send a "security request" from the peripheral as shown in the readme.

Another way to enforce encryption from the peripheral side is to add security levels to the characteristics, which usually causes centrals to automatically start the pairing process. This is the way Apple suggests people to do it for iOS. The readPerm and writePerm properties on characteristics can be used to achieve this.

The pairing flow with user passkey (if the peripheral has I/O capability) can be controlled in this library. See the readme under "Bonding" to configure it if you want to use something else than "Just Works".
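
As an added illustration of the second approach (this is example code, not part of node-ble-host or this thread): a GATT table in the descriptor shape the README uses, a small model of the server-side check that per-characteristic `readPerm`/`writePerm` levels imply, and an audit of what an unpaired central can reach. The permission strings are assumed from the README; the ATT error codes are the Bluetooth Core spec values.

```javascript
// Added example, not node-ble-host's own code. Permission strings are assumed
// from the library README; ATT error codes are the Bluetooth Core spec values.
const AttErrors = {
  SUCCESS: 0x00,
  INSUFFICIENT_AUTHENTICATION: 0x05,
  INSUFFICIENT_ENCRYPTION: 0x0f,
};

// Security levels, weakest first (assumed readPerm/writePerm values).
const LEVELS = ['open', 'encrypted', 'encrypted-mitm', 'encrypted-mitm-sc'];

// Constructed service: one public characteristic, one that needs an encrypted
// link to read and an authenticated (MITM-protected) link to write.
const services = [{
  uuid: '22222222-3333-4444-5555-666666666666',
  characteristics: [
    { uuid: '22222222-3333-4444-5555-666666666667', properties: ['read'],
      readPerm: 'open', value: 'device-model-string' },
    { uuid: '22222222-3333-4444-5555-666666666668', properties: ['read', 'write'],
      readPerm: 'encrypted', writePerm: 'encrypted-mitm', value: 'config' },
  ],
}];

// Highest level the current link satisfies (encrypted? authenticated? LE SC?).
function linkLevel(conn) {
  if (!conn.encrypted) return 'open';
  if (!conn.mitm) return 'encrypted';
  return conn.secureConnections ? 'encrypted-mitm-sc' : 'encrypted-mitm';
}

// ATT result the server would return for a read/write on `ch` over `conn`.
// Either error usually makes the central start pairing, which is how the
// peripheral enforces encryption without sending a security request itself.
function checkAccess(ch, op, conn) {
  const required = (op === 'read' ? ch.readPerm : ch.writePerm) || 'open';
  if (LEVELS.indexOf(linkLevel(conn)) >= LEVELS.indexOf(required)) return AttErrors.SUCCESS;
  // Plain encryption missing: Insufficient Encryption; an authenticated key
  // missing: Insufficient Authentication.
  return !conn.encrypted && required === 'encrypted'
    ? AttErrors.INSUFFICIENT_ENCRYPTION
    : AttErrors.INSUFFICIENT_AUTHENTICATION;
}

// Audit: which characteristics can an unpaired (unencrypted) central read or write?
function exposedWithoutPairing(svcs) {
  const open = { encrypted: false };
  return svcs.flatMap(s => s.characteristics).flatMap(ch =>
    ['read', 'write']
      .filter(op => ch.properties.includes(op) && checkAccess(ch, op, open) === AttErrors.SUCCESS)
      .map(op => `${op}:${ch.uuid}`));
}
```

Running `exposedWithoutPairing(services)` against your real table before shipping is a quick way to confirm that only the characteristics you meant to leave public are reachable before pairing.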

PhantomRay commented 2 years ago

Thank you Emill. I will try the second way.