This article is extremely valuable:
But I still have a question.
I'll try to describe it in detail. In the system_boot event I issue "call sm_set_bondable_mode(1)". In the connection_status event I pair 2 devices using "call sm_encrypt_start(0, 1)" and I get a second connection_status event with the connection flags variable with bit 1 set => so the connection is encrypted. Then I get an sm_bond_status event that tells me that the bond handle is 0 and the 2 devices have worked out the long-term key. OK.
Then I reset the 2 devices. In the system_boot event I see that each device has 1 bonding. OK. Then I get a connection_status event but in the connection flags variable there is NO bit 1 set => so the connection is NOT encrypted. Why? The 2 devices have the long-term key, so why don't they use encryption? I issue the "call sm_encrypt_start(0, 1)" myself and I get the connection flags variable with bit 1 set => so the connection is encrypted. But I have no idea whether the 2 devices have entered the re-pairing procedure again and worked out a new key or they use the old long-term key. I hope they use the old long-term key but I need clarification.
This is expected behavior. Encryption is used to encrypt the communication between two modules, and bonding is creating and exchanging keys. After a reset of the system the exchanged keys still exist on both sides (the bonding still exists) but the connection is no longer encrypted (encryption bit = 0) and you need to encrypt it one more time. Additionally, if you establish the connection for the first time and perform the encrypt command then bonding is created automatically, because bonding is necessary if you want to encrypt the connection (but on the other hand encryption is not mandatory to create bonding).
Thank you for the answer. Let's get it straight: if I just call sm_encrypt_start(0, 0) => my devices will work out a temporary key and use it. If I call sm_set_bondable_mode(1) and call sm_encrypt_start(0, 1) => my devices will use the long-term key. Right?
Please let me edit my answer and add some explanation. In the first case the bonding is not created (parameter 0 in encrypt_start command) but connection is encrypted.
If you encrypt the connection without bonding then long-term keys are also created and exchanged between the two devices at the moment of encryption, but only temporarily. Bonding additionally saves those keys so that the devices remember each other.
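
Added example, not part of the thread and not vendor code: a BGScript sketch of the handling discussed above, which enables bondable mode at boot and requests encryption again on every new connection because the encrypted flag starts cleared even when a bond is stored. The event signatures, the $ff "no bond" value and the `enc_requested`, `ret_handle` and `ret_result` variables are assumptions based on the Bluegiga BGScript API, not taken from the posts.

```bgscript
# Added example. Security handling only: advertising/scanning and
# connection setup are omitted.
dim enc_requested   # 1 once sm_encrypt_start has been issued on this link
dim ret_handle
dim ret_result

event system_boot(major, minor, patch, build, ll_version, protocol_version, hw)
    enc_requested = 0
    # Allow bonding so that keys are stored and survive a reset
    call sm_set_bondable_mode(1)
end

event connection_status(connection, flags, address, address_type, conn_interval, timeout, latency, bonding)
    # Bit 1 ($02) of flags is the "encrypted" bit discussed in the thread.
    # It is clear on every fresh connection, even when bonding != $ff
    # (assumed to mean a stored bond exists), so encryption is requested again.
    if (flags & $02) = 0 then
        if enc_requested = 0 then
            enc_requested = 1
            call sm_encrypt_start(connection, 1)(ret_handle, ret_result)
            if ret_result != 0 then
                # Request was rejected: allow a retry on the next status event
                enc_requested = 0
            end if
        end if
    end if
    # Once (flags & $02) is set the link is encrypted and data that
    # requires encryption can be exchanged.
end

event connection_disconnected(connection, reason)
    # Encryption state is per connection: start over on the next one
    enc_requested = 0
end
```

The `enc_requested` guard is there because connection_status fires more than once per connection, so without it the encrypt request would be repeated on each event until bit 1 is set.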