1

So far I am able to do things two different ways.

I can advertise a service on the Pi, connect from an Android app, and read/write characteristics. From my understanding, this communication is not encrypted.

I have been able to do the same thing adding pairing and bonding to the mix. I advertise a service on the Pi with an agent, connect from an Android app, and as soon as I try to read/write a characteristic I get a prompt on my phone asking to pair. From my understanding, after pairing is successful the communication is encrypted.

That last part is great. However, I am looking to pair without bonding, mainly because I don't want to end up with a huge list of devices on my Bluetooth settings. Android seems to use this term interchangeably, which just makes everything more confusing.

I know it's possible to do it as per this video. I just haven't figured out how to actually do it myself.

Any help is appreciated.

santiago

2 Answers

1

Technically speaking, pairing is the process of exchanging the keys with a remote device, while bonding is the process of storing these keys. Some devices use the terminology "pairing" to indicate that the keys are exchanged and the connection is encrypted, but the keys will not be stored for future use. On Android this is not possible as far as I'm aware, and you always need to store the keys. This can be seen in the link below (see the section Bonding with a BLE Device):-

The Ultimate Guide to Android BLE

Some other useful links:-

Youssif Saeed
  • I appreciate your answer. Sadly I've already gone to all of those resources and they don't really get where I'm going. Based on the video that I linked I think I asked the wrong question, and I should be looking at how to disable bonding on the Pi. Thanks! – santiago Jun 07 '22 at 15:20
1

This is totally possible according to the Bluetooth protocol specification. If at least one device sets "bonding flags" to "no bonding" in the AuthReq field of the Pairing Request or Pairing Response, no bonding information shall be permanently stored.

If you're using BlueZ, I'm not sure if it allows you to configure this though.

For Android, people report that Android does not respect this flag and creates a bond anyway (Why does Android bond even when asked not to bond?).

Emil
  • Based on your answer I was able to find `btmgmt`, BlueZ management API. The manual lists that both the `pairable` and `bondable` commands "Toggle bondable state". So I tried only toggling the bondable state off with `sudo btmgmt bondable off`, and then I tried turning both off. Neither of these worked, the devices kept bonding. Seems to be some kind of weird limitation from Android. I guess I'll have to just keep it this way. If nothing else comes up I'll mark this as the solution. Thanks! – santiago Jun 09 '22 at 17:24
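
To check what each side actually asked for, the AuthReq byte of the Pairing Request and Pairing Response described in the second answer can be decoded directly. The following is an added example, not code from anyone in this thread; the function names are hypothetical and the sample PDUs are constructed, not taken from a real capture.

```python
from dataclasses import dataclass

# SMP opcodes of the two PDUs that carry the AuthReq field
KINDS = {0x01: "request", 0x02: "response"}

@dataclass
class PairingPdu:
    kind: str                 # "request" or "response"
    bonding: bool             # Bonding_Flags (AuthReq bits 0-1) == 0b01
    mitm: bool                # AuthReq bit 2
    secure_connections: bool  # AuthReq bit 3

def parse_pairing_pdu(pdu: bytes) -> PairingPdu:
    """Decode a 7-byte SMP Pairing Request/Response:
    opcode, IO capability, OOB flag, AuthReq, max key size,
    initiator key distribution, responder key distribution."""
    if len(pdu) != 7:
        raise ValueError(f"expected 7 bytes, got {len(pdu)}")
    if pdu[0] not in KINDS:
        raise ValueError(f"opcode 0x{pdu[0]:02x} is not a pairing request/response")
    auth_req = pdu[3]
    return PairingPdu(
        kind=KINDS[pdu[0]],
        bonding=(auth_req & 0x03) == 0x01,  # 0b00 = no bonding, other values reserved
        mitm=bool(auth_req & 0x04),
        secure_connections=bool(auth_req & 0x08),
    )

def bond_expected(request: bytes, response: bytes) -> bool:
    """Keys should be stored only if neither side set "no bonding"."""
    req, rsp = parse_pairing_pdu(request), parse_pairing_pdu(response)
    if (req.kind, rsp.kind) != ("request", "response"):
        raise ValueError("need a Pairing Request followed by a Pairing Response")
    return req.bonding and rsp.bonding

# Constructed sample PDUs (assumed values, for illustration only)
PHONE_REQUEST = bytes.fromhex("0104002d100f0f")        # AuthReq 0x2d: bonding, MITM, SC
PI_RESPONSE_NO_BOND = bytes.fromhex("02030008100000")  # AuthReq 0x08: SC only, no bonding
PI_RESPONSE_BOND = bytes.fromhex("02030009100f0f")     # AuthReq 0x09: bonding, SC

if __name__ == "__main__":
    for name, rsp in (("no-bond", PI_RESPONSE_NO_BOND), ("bond", PI_RESPONSE_BOND)):
        print(name, parse_pairing_pdu(rsp), bond_expected(PHONE_REQUEST, rsp))
```

If the response from the Pi still has the bonding bit set after `btmgmt bondable off`, the setting did not take effect on the Pi side; if the bit is clear and the phone still lists the device, the behaviour is on the Android side.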