I see there have been 2 posts about BLE Pairing and Bonding (where the keys are remembered from the initial Pairing such that on reconnection the pairing process does not need to be repeated to create a secure connection). The last post was closed without any reply. [BLE] Keep paired devices in memory and there was no way to reopen it. Simple question - does bonding now work with P2 and Device OS 5.7.0?
[Update] When the following log is received 000505314 [app] INFO: onPairingEvent STATUS_UPDATED status=0 LESC T bonded F I assume this is demonstrating that Pairing using LESC has succeeded but the devices are not Bonded. Should this be logged as a fault with this Device OS?
Hi Will-
Thanks for bringing this up! We do support pairing but don't support persistent bonding.
@Colleen Thank you for the confirmation that this feature is not yet supported. This is disappointing on 2 levels; 1. The Device OS reference intimates that it is supported and 2. From a security viewpoint when building a product using BLE services!
Could you please indicate whether bonding will be implemented in a future Device OS release?
Hi @Colleen is there an update on the bonding feature? This is quite essential for building a secure application using BLE. Is there a workaround?
@Strillo I believe the answer about bonding is that P2/Photon2 does not support it because the BLE SDK does not - maybe @rickkas7 could confirm this point?
The real issue though is that other than 'just works' there are no other supported pairing identity validation methods unless you implement them yourself in your application. For my application the device has no screen or buttons nor can 'out of band' methods be used since if pairing to do WiFi credentials setup you won't have another comms channel!
I have created another approach to security for pairing that uses a predefined key - it is not foolproof but better than nothing at all. It does rely on the mobile device using a specific app and the mobile device having a connection to the cloud to validate the key!