What is the difference between bonded_read and encrypted_read? As per the link, both links are encrypted. The device I am testing with uses "io_capability_noinputnooutput". So I am guessing bonded_read will use 'Just Works' pairing before establishing an encrypted link. So in effect, both give me an encrypted link without MITM protection. Is there an advantage of using one over the other? Am I failing to notice any other advantages of using 'bonded_read'? Thank you in advance for any help.
The difference is "if bonding is required for reading the attribute". Yes, all your understanding is correct: both need encryption, and in your case, MITM protection is not provided. Just imagine one case where you don't bond with the device, you only pair with the device: attributes with encrypted read can be read in this case, but not those with bonded read.
How is the encryption triggered? When the Central tries to access a characteristic value with encrypted_read/write, does its BLE stack trigger pairing? Does it need to disconnect and reconnect the existing GATT connection?
I tried testing this with BlueZ as the Central. But the read/write fails. (I do not have the setup. Will post the error asap)
Yes, on any attempt to access an attribute which requires encryption, the stack will try to initiate pairing. You can also explicitly call gecko_cmd_sm_increase_security to force pairing any time you want.
Thank you, Kevin
I am getting Error Code: Authentication Failure (0x05) when setting flags = 0x14 gecko_cmd_sm_configure(flags, io_capabilities).
Please see some logs attached. Is the flag setting correct?
You are setting the no input no output capability, which can only support "Just Works" in the pairing process. However, if you need authentication, you can't use this; you need a display or an input keyboard. For more information, I would suggest you go through the security section of the link below.
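The points made in this thread, as an added example that is not part of the original posts and not Silicon Labs code: a small C model of how the two sides' IO capabilities decide whether pairing can be authenticated, and which read requirements the resulting link satisfies. The type and function names (`link_sec`, `just_works`, `pair_link`, `can_read`) and the `REQ_AUTHENTICATED` level are assumptions of this example; the pairing rules follow the Bluetooth Security Manager's IO capability mapping.

```c
#include <stdbool.h>
#include <stdio.h>

/* IO capabilities as defined by the Bluetooth Security Manager. */
enum io_cap { DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_INPUT_NO_OUTPUT, KEYBOARD_DISPLAY };

/* Read requirements from the thread; REQ_AUTHENTICATED is added by this example for contrast. */
enum att_req { REQ_ENCRYPTED, REQ_BONDED, REQ_AUTHENTICATED };

/* Security state of a link after pairing (hypothetical struct, not an SDK type). */
struct link_sec { bool encrypted, authenticated, bonded; };

static bool has_keyboard(enum io_cap c) { return c == KEYBOARD_ONLY || c == KEYBOARD_DISPLAY; }

/* True when the two sides can only pair with Just Works (no MITM protection). */
bool just_works(enum io_cap a, enum io_cap b, bool mitm_requested, bool lesc)
{
    if (!mitm_requested) return true;          /* neither side asked for MITM */
    if (a == NO_INPUT_NO_OUTPUT || b == NO_INPUT_NO_OUTPUT)
        return true;                           /* nowhere to show or type a passkey */
    if (has_keyboard(a) || has_keyboard(b))
        return false;                          /* Passkey Entry or Numeric Comparison */
    /* Displays only: Numeric Comparison needs LE Secure Connections and yes/no on both. */
    return !(lesc && a == DISPLAY_YESNO && b == DISPLAY_YESNO);
}

/* Link state after a successful pairing; 'bond' says whether the keys are stored. */
struct link_sec pair_link(enum io_cap a, enum io_cap b, bool mitm, bool lesc, bool bond)
{
    struct link_sec l = { true, !just_works(a, b, mitm, lesc), bond };
    return l;
}

/* Would a read of an attribute with this requirement be allowed on this link? */
bool can_read(enum att_req r, struct link_sec l)
{
    if (!l.encrypted) return false;            /* all three levels need encryption */
    if (r == REQ_BONDED) return l.bonded;
    if (r == REQ_AUTHENTICATED) return l.authenticated;
    return true;
}

int main(void)
{
    /* Constructed case: NoInputNoOutput peripheral, paired but not bonded. */
    struct link_sec l = pair_link(NO_INPUT_NO_OUTPUT, KEYBOARD_DISPLAY, true, true, false);
    printf("encrypted=%d bonded=%d authenticated=%d\n", can_read(REQ_ENCRYPTED, l),
           can_read(REQ_BONDED, l), can_read(REQ_AUTHENTICATED, l));
    return 0;
}
```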