Re: Using a predefined passkey on a BLE peripheral device with no input/output

Li, Jun R

Hi Johan,

My requirement is exactly like what you said: every device has a unique passkey stored and labeled on this case. The user needs to check the case to get the right passkey and enter it when paring the device.

Sure, I'll create a GitHub issue to request this feature. Thanks very much for your support!


On 6/12/18, 13:43, "Johan Hedberg" <johan.hedberg@...> wrote:

Hi Jun,

We don't have such a feature currently (no one has asked for it until
now). Do I understand right that you want to have a per-device static
random passkey that's e.g. on a sticker on the device, in the packaging
or the manual, and the user then needs to read that and enter it into
the other device that's initiating the pairing?

I would do this as a runtime API instead of Kconfig since some devices
may need to dig out the value from a special flash location or factory

By calling the new (yet to be defined) API it would essentially force
our IO Capability to DisplayOnly, however instead of using the
passkey_display callback from struct bt_conn_auth_cb we would use the
value given by the app using the new API? I suppose we should also
reject pairings from any remote device which doesn't have sufficient IO
capabilities to perform passkey entry (say, they have DisplayOnly or
NoInputNoOutput), right? Are there any special considerations with
legacy pairing vs secure connections that should be taken into account?

Could you open a github issue for this, so we can document the exact
requirement, and get it implemented in time for Zephyr 1.13?


On Tue, Jun 12, 2018, Li, Jun R wrote:
> Hi Johan,
> Is that a way to pre-set the static passkey by like a Kconfig item? Six zeros are not good as a passkey.
> Regards,
> Jun
> On 6/12/18, 01:21, "Johan Hedberg" <johan.hedberg@...> wrote:
> Hi Jun,
> On Mon, Jun 11, 2018, Li, Jun R wrote:
> > I have a NRF51 BLE device which doesn’t have either a display or a
> > keyboard, and would like to use a static passkey to secure the
> > connection establishment. Is it possible to use a static pre-defined
> > passkey in Zephyr’s BLE stack and how is the static passkey defined?
> The normal way to configure pairing on a device which lacks both output
> and input capabilities is to set NoInputNoOutput as the IO capability in
> the Security Manager Protocol. This will then cause an all-zeroes
> "pre-defined" passkey to be used for pairing. The simplest way to do
> this is by not registering a "struct bt_conn_auth_cb" using the
> bt_conn_auth_cb_register() API, i.e. remove that call from your app if
> you have it there.
> Johan

Join to automatically receive all group messages.