The KW36's AES128 sample code or programming reference manual

Hi @sihanchen,

You could enable the Bluetooth LE security feature using the paring and bonding process.

You could enable it in the app_preinclude.h file. You will send all the information over the air encrypted.

/*! Enable/disable use of bonding capability */
#define gAppUseBonding_d 1

/*! Enable/disable use of pairing procedure */
#define gAppUsePairing_d 1

Also, depending on your application you could set the security mode and level in the app_config.c file. I am not sure if you want the secure connection feature.

Let me know if you have any further questions.

Regards,

Mario

Hi Mario,

         Thanks for your reply. In our project, we do not need a secure connection function. Just use AES128 function to encrypt the Central ATT packet and send it to Peripheral. So does this mean that all of ATT packet of Central need to be encrypted or just encrypt the part of data of ATT packet ?

Thanks again. 

Hi @sihanchen,

The Secure connections could help with the encryption process that you want, the Bluetooth LE stack will encrypt the communication and both sides will be able to decrypt the information that you are sending.

If you do not want to enable the pairing and bonding process, you could use the AES driver to encrypt the information that you want to send, but it is not recommended because you will have the key in the device, and it could not be really secure.

Regards,

Mario

Hi Mario, 

        Because the Peripheral device in our application is replaceable and does not provide an interface for the user to enter the password, so the Central device will automatically detect the appropriate Peripheral device and connect it.
        we cannot use pin code or bonding as the connection method in our product, is there any sample code for ATT packet encrypted by AES-driver? Or you can give me a related programming reference manual for this. Thank you very much.

Hi @sihanchen,

You are right, the Secure Connections is not possible because you do not have any input, however, you could set level 3 but you could be attacked by a MITM.

AES-related APIs are provided in the SecLib module in the framework. I am not sure if you are working with a specific example, but you could try with the wireless UART and send custom data, after that you could compare if the information was sent encrypted.

Regards,

Mario

Hi Mario,

       So far, I can use AES-128-API to encrypt the data of the ATT packet, but I cannot use AES-128-API to encrypt the entire ATT packet, which means that only the data part of the ATT packet is encrypted . So Sniffer-Tool can see the handle and characteristics of the ATT package.

Thanks. 

Hi @sihanchen,

You are right, our stack is taking care of the rest of the packet. You could use the just works option that will encrypt the packet.

There is another option, you could look at the GFSK example, you could implement the BLE stack routine by your side, but you will have more access to your own packet and security.

Regards

Mario