Hello,
I have the following problem. I have a BLE device based on ESP32. It does not have input or output capabilities. I am using ESP-IDF and the NimBLE stack.
I want to do password authentication as follows:
1. User pairs to the ESP32 device from a smartphone app.
2. User generates a passkey or password and sends it to the ESP32 device, which in turn sets it as a password for pairing.
3. The next time a user wants to connect, the ESP32 device sends him a request for password.
4. If he enters the correct password, he pairs to the device. If not, he cannot pair.
I found this sample project - https://github.com/espressif/esp-idf/tr ... ity_server, but it's for Bluedroid and not quite what I need, at first glance.
Is this possible with the NimBLE stack and is there example code for this scenario?
Passkey/password pairing with BLE with NimBLE stack
-
- Posts: 16
- Joined: Wed May 05, 2021 11:00 am
-
- Posts: 16
- Joined: Wed May 05, 2021 11:00 am
Re: Passkey/password pairing with BLE with NimBLE stack
So in the project I linked I can set different I/O capabilities, which determine which security mode is used. As I can see, since my device is "no input, no output" the only option is "just works". In other words, no possibility to set a password.
Another option is, after receiving the pairing request from the central, to interrupt the pairing procedure and prompt for a password. But that too won't work, because the only way for a central to send the password is to write to a characteristic (right?), and they don't have access to them yet.
Which probably leaves me with one option - user connects, but access to all services/characteristics is disabled, except the one for the password. As soon as they enter the correct password, I enable them again.
So the question is - how to temporarily disable access to characteristics for a connected user?
Another option is, after receiving the pairing request from the central, to interrupt the pairing procedure and prompt for a password. But that too won't work, because the only way for a central to send the password is to write to a characteristic (right?), and they don't have access to them yet.
Which probably leaves me with one option - user connects, but access to all services/characteristics is disabled, except the one for the password. As soon as they enter the correct password, I enable them again.
So the question is - how to temporarily disable access to characteristics for a connected user?
Who is online
Users browsing this forum: Gaston1980, Google [Bot], guillaumesene and 77 guests