h2zero / NimBLE-Arduino

A fork of the NimBLE library structured for compilation with Arduino, for use with ESP32, nRF5x.
https://h2zero.github.io/NimBLE-Arduino/
Apache License 2.0
672 stars 138 forks

Pairing key is not requested upon connect but only when accessing secure characteristic #528

Closed nelfata closed 1 month ago

nelfata commented 1 year ago

Is it possible to know if this is a feature or a bug? Trying to establish a connection between ESP32 and NRFConnect (iPhone), the passkey is only requested to be entered when accessing the characteristic. Typically, it should be prompted upon establishing a connection.

NimBLEDevice::setSecurityAuth(true, true, true);
NimBLEDevice::setSecurityPasskey(pin);
NimBLEDevice::setSecurityIOCap(BLE_HS_IO_DISPLAY_ONLY);

Please advise. Thanks.

h2zero commented 1 year ago

This is how BLE works, unlike Bluetooth Classic. Here we can have devices that have some data secured and other data not secure. What you can do if you want to force a secure connection is call NimBLEDevice::startSecurity from the onConnect callback.

nelfata commented 1 year ago

Ok that's great, that's what I was looking for. Thank you.

By the way, how do I get conn_id on the server? (required by startSecurity())

chegewara commented 1 year ago

I'm not sure, but with the Bluedroid version it is possible to force PIN pairing on connection with a security option. It is one of these, with a specific option, but I don't remember which one:
https://github.com/nkolban/esp32-snippets/blob/master/cpp_utils/tests/BLETests/security/SampleClient_authentication_passkey.cpp#L72
https://github.com/nkolban/esp32-snippets/blob/master/cpp_utils/tests/BLETests/security/SampleClient_authentication_passkey.cpp#L68

nelfata commented 1 year ago

Thanks for the feedback. Those links show the client side.

chegewara commented 1 year ago

Security is neither client nor server side; it's GAP, so it's "device side".

nelfata commented 1 year ago

Sorry, I am no expert in BLE. I see that the security is based on the characteristic settings and not on the service nor the device. I am trying to have the server not allow a connection to be established until the PIN is entered by the client (as an example).

h2zero commented 1 month ago

Sorry, I am no expert in BLE. I see that the security is based on the characteristic settings and not on the service nor the device. I am trying to have the server not allow a connection to be established until the PIN is entered by the client (as an example).

This was answered earlier: in the onConnect callback you need to call NimBLEDevice::startSecurity; the connection ID is provided by the callback parameter.
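
The approach described in this thread, written out as a server sketch. This is an added example, not code from the thread or from the NimBLE-Arduino project; it assumes the NimBLE-Arduino 1.x callback signatures (onConnect receiving a ble_gap_conn_desc*), and the device name, passkey and UUIDs are constructed placeholders.

```arduino
#include <NimBLEDevice.h>

// Constructed placeholder values, not taken from the thread.
static const uint32_t PASSKEY  = 123456;
static const char*    SVC_UUID = "7d2ea28a-f7bd-485a-bd9d-92ad6ecfe93e";
static const char*    CHR_UUID = "7d2ea28b-f7bd-485a-bd9d-92ad6ecfe93e";

// Assumes the 1.x callback signatures (ble_gap_conn_desc* parameter).
class ServerCallbacks : public NimBLEServerCallbacks {
  void onConnect(NimBLEServer* pServer, ble_gap_conn_desc* desc) override {
    // Request pairing/encryption as soon as the link is up instead of
    // waiting for the first access to a protected characteristic.
    NimBLEDevice::startSecurity(desc->conn_handle);
  }

  void onAuthenticationComplete(ble_gap_conn_desc* desc) override {
    // Pairing finished, successfully or not: drop peers that did not
    // end up with an encrypted link.
    if (!desc->sec_state.encrypted) {
      NimBLEDevice::getServer()->disconnect(desc->conn_handle);
    }
  }
};

void setup() {
  NimBLEDevice::init("secure-demo");
  // Same three settings as in the original question.
  NimBLEDevice::setSecurityAuth(true, true, true);  // bonding, MITM, secure connections
  NimBLEDevice::setSecurityPasskey(PASSKEY);
  NimBLEDevice::setSecurityIOCap(BLE_HS_IO_DISPLAY_ONLY);

  NimBLEServer* server = NimBLEDevice::createServer();
  server->setCallbacks(new ServerCallbacks());

  // Keep the permission flags on the characteristic: they are what the
  // stack checks on every read, whenever pairing happens.
  NimBLEService* svc = server->createService(SVC_UUID);
  NimBLECharacteristic* chr = svc->createCharacteristic(
      CHR_UUID,
      NIMBLE_PROPERTY::READ | NIMBLE_PROPERTY::READ_ENC | NIMBLE_PROPERTY::READ_AUTHEN);
  chr->setValue("secret");
  svc->start();

  NimBLEAdvertising* adv = NimBLEDevice::getAdvertising();
  adv->addServiceUUID(SVC_UUID);
  adv->start();
}

void loop() { delay(1000); }
```

startSecurity only moves the pairing prompt to connection time; the READ_ENC and READ_AUTHEN flags remain the access control on the data itself.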