>>>> I'm trying to setup a raspberry pi as a bluetooth host allowing pairing from a >>>> phone, but with a predefined pincode, and I can't find any docs on how to do >>>> this. I find some on how to do this interactively, but then, this isn't meant >>>> to be used like that, more like a "blackbox". I've tried to google this quite a >>>> bit and reading the docs, but I can't find much. Any idea how to do this? >>> >>> With SSP, introduced in Bluetooth 2.1, there is no longer a need to >>> have predefined pincode. In case that you don't have any means to >>> confirm you should be able to use "NoInputNoOutput", you can check how >>> this is done in bluetoothctl: >> >> Perhaps I'm overseeing something, but I don't quite understand how SSP will >> help. I'm more concerned about unauthorized bluetooth clients pairing with this >> than MITM-attacks. I want pairing to be fairly simple, but I need a way to >> identify the client. > > Authorization is a separate concept, usually services will require > certain security level which when not met may cause the pairing > process to kick in, authorization may happen regardless of that if the > device is not trusted. In other words, Paired property tells if the > device if the device has been authenticated and a link-key exists and > Trusted tell if the device can connect without being authorized by the > agent, the 2 properties acts completely independent. > > For instance, this is how we handle authorization in bluetoothctl: > > https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/client/agent.c#n242 > > Note that RequestAuthorization is for authorizing a new pairing not a > new connection, which is done by AuthorizeService: > > https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt#n161 > https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt#n174 > > In both cases the device object is given so you can identify who is > pairing/connecting. I see - thanks. This is all pretty new to me. Do you know how I can use bluetoothectl or similar tools to script up authorisation with the client without digging deeply into the API? Vennlig hilsen roy -- Roy Sigurd Karlsbakk (+47) 98013356 http://blogg.karlsbakk.net/ GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt -- Hið góða skaltu í stein höggva, hið illa í snjó rita. -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
