Hi Brian,

On 08/13, Brian Gix wrote:
> There are various "security sensitive" pieces of data that need to be
> exchanged between Applications and the Bluetooth Mesh daemon.
>
> The following items will be encrypted before sending over D-Bus:
>
> token -- This is used by all nodes.
>
> net_keys, app_keys, dev_keys -- These will only typically be needed by
> Provisioner/Config Client nodes to extract the keys for purposes of
> Configuration Database transfer.

Please don't. I don't see any benefit from doing so.

D-Bus traffic cannot be sniffed by an unprivileged user, and a privileged
user already has access to the storage and can extract all this
information from there.

In my opinion there is little point in encrypting D-Bus traffic. No one
else does that:
 - ConnMan sends login/password pairs over D-Bus in
   https://git.kernel.org/pub/scm/network/connman/connman.git/tree/doc/vpn-agent-api.txt
 - BlueZ sends pairing secrets in
   https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt

regards
--
Michał Lowas-Rzechonek <michal.lowas-rzechonek@xxxxxxxxxxx>
Silvair http://silvair.com
Jasnogórska 44, 31-358 Krakow, POLAND