I'm trying to implement a strongly secured connection between 2 BLE devices.
From the official specification (https://www.bluetooth.com/blog/bluetooth-pairing-part-1-pairing-feature-exchange/) I understand that there are a few ways of pairing, Legacy and Secure Connection, including the key exchange methods (Just Works, OOB, Passkey Entry and Numeric Comparison).
But as I understand it, in the CoreBluetooth framework I can't control the way the devices connect. The way the peripheral and central are connected is hidden from me, and I can't just hope that it is a secure way. I found a few posts: someone says CoreBluetooth supports only the Just Works, Passkey Entry and Numeric Comparison methods, but in any case we can't determine which method we are using.
Is there any way to choose which type of connection and key exchange method I want to use in CoreBluetooth?
For example, I want to use Secure Connection with the "Just Works" method.
CodePudding user response:
As an iOS GATT client app developer, you don't have any control over the pairing or bonding process, in the current version of iOS at least.
When running iOS as central, it will initiate pairing either if the characteristic you are trying to interact with requires encryption, or the remote device sends an "SMP Security Request".
The used mechanism (legacy/secure connections, just works, passkey, numeric comparison etc.) will be based on the highest possible security that both devices support in common. iOS supports all features and thus the highest possible security (except oob/nfc pairing) so the chosen mechanism and security will therefore be based entirely on what the peripheral supports. If the peripheral that iOS connects to supports only Legacy Just Works, then that's the mechanism that will be used. If it supports LESC with Numeric Comparison, then that mechanism will be used. There is no way for the app developer to lower the security that iOS indicates it supports, to for example force Just Works if the remote device has a display or keyboard.
Unfortunately, from what I know, you don't know from the app's perspective the current security level that is actually in use though...
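The selection rule the answer describes, worked through as an added example (not part of the original answer and not Apple's code). It follows the pairing-method mapping in the Bluetooth Core Specification (Vol 3, Part H) and goes beyond the two cases named above; `IOS_CENTRAL` and the peripheral feature sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# IO capability values as encoded in the SMP Pairing Request/Response.
DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY = range(5)
JW, PK, NC, OOB = "Just Works", "Passkey Entry", "Numeric Comparison", "Out of Band"

@dataclass(frozen=True)
class Features:
    io: int            # IO capability
    sc: bool           # AuthReq SC bit: LE Secure Connections supported
    mitm: bool         # AuthReq MITM bit: MITM protection requested
    oob: bool = False  # OOB data available

# Rows: responder IO capability; columns: initiator IO capability.
# J = Just Works, P = Passkey Entry,
# n = Numeric Comparison with SC, Just Works with legacy,
# N = Numeric Comparison with SC, Passkey Entry with legacy.
TABLE = {
    DISPLAY_ONLY:     "JJPJP",
    DISPLAY_YESNO:    "JnPJN",
    KEYBOARD_ONLY:    "PPPJP",
    NO_IO:            "JJJJJ",
    KEYBOARD_DISPLAY: "PNPJN",
}

def pairing_method(initiator, responder):
    """Return (generation, association model) the two feature sets lead to."""
    sc = initiator.sc and responder.sc
    gen = "LE Secure Connections" if sc else "LE Legacy"
    # OOB: either side's flag is enough with SC, legacy needs both.
    use_oob = (initiator.oob or responder.oob) if sc else (initiator.oob and responder.oob)
    if use_oob:
        return gen, OOB
    if not (initiator.mitm or responder.mitm):
        return gen, JW  # nobody requested MITM protection: IO capabilities are ignored
    cell = TABLE[responder.io][initiator.io]
    if cell in "nN":
        return gen, NC if sc else (PK if cell == "N" else JW)
    return gen, JW if cell == "J" else PK

# Assumption: a central that supports everything except OOB, as the answer describes.
IOS_CENTRAL = Features(KEYBOARD_DISPLAY, sc=True, mitm=True)

# Constructed peripheral feature sets; the peripheral is the responder.
LEGACY_SENSOR = Features(NO_IO, sc=False, mitm=False)
LESC_HEADLESS = Features(NO_IO, sc=True, mitm=False)
LESC_YESNO = Features(DISPLAY_YESNO, sc=True, mitm=True)
LEGACY_DISPLAY = Features(DISPLAY_ONLY, sc=False, mitm=True)
```

A peripheral that wants Secure Connections with Just Works, as in the question, gets it by advertising the SC bit together with NoInputNoOutput (`LESC_HEADLESS`); the central's side of the exchange is fixed.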