Thanks. Yeah, this what I did found myself, I was hoping some class was exposing the authentication methods and capability at least.
Any way to make the display to enter pin (I want the Android device to enter the pin)? Is the pairing authenticated (QBluetoothLocalDevice::requestPairing) will make it under the hood by itself? I'm not a big fan of using unexposed API especially when it work only on some device and not on others. Maybe I will try to use the OS pairing instead and only list the paired devices with the mobile. This would make the pin process work at least properly. Now I understand why so many BLE device give fake PIN (0000 or 1234) or no authentication at all. Back to drawing board of the application flow... -----Original Message----- From: Interest <[email protected]> On Behalf Of Alex Blasche Sent: November 23, 2018 2:14 AM To: [email protected] Subject: Re: [Interest] BLE OOB authentication The official Qt Bluetoothy API does not support OOB authentication. In fact, the Android APIs do not have official support for it either. There is a hidden function for it in BluetoothDevice on Android though: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/bluetooth/BluetoothDevice.java#1040 With reflection you should be able to access it. There are quite a few examples on the Internet. If Qt were to implement this type of pairing, the function would have to take the additional parameters into account. -- Alex ________________________________________ From: Interest <[email protected]> on behalf of Jérôme Godbout <[email protected]> Sent: Thursday, 22 November 2018 8:54:11 PM To: [email protected] Subject: [Interest] BLE OOB authentication Hi, How does one can perform an OOB authentication for secure connection with Qt under Android (and iOS if possible but not 100% required, but would be sweet if I can manage both)? I was doing anonymous connection with the QLowEnergyController:: connectToDevice() but I also seen the QBluetoothLocalDevice::requestPairing<http://doc.qt.io/qt-5/qbluetoothlocaldevice.html#requestPairing>() but I'm a little confuse with the API, should the authentication be part of the connection when the capability are exchanged. I have a device that required authenticated connection and ideally with OOB capability, but I doubt I can specify this on the Android application when connecting. The requestPairing only have 2 option paired and authorizedPaired, but this only give the paired device capability, what I'm looking for is the authentication but I cannot find anything? Is authenticated and secure BLE connection impossible with those? I known that BLE is not top secure even with those, but I would still need to implement it. Maybe someone have an example of NFC OOB pairing under Qt Android that (s)he could share? That would give some hint. The Qt Bluetooth connection API is hard to follow when I compare to the specs and other embedded BLE stack I work with. I have create the OOB pairing with BLE 4.0 with a few embedded stack, but I cannot figure out how to do this with Qt or Android properly. My device authentication is mandatory (anonymous and unsecure connection are not allowed). Is there a way to do the following with Bluetooth with Qt or even Android java level: 1. Is there any configuration to device capability for authentication? 2. Specify the MITM options? 3. Make OOB capable? 4. PIN entry authentication? 5. Establish a secure 4.0 or secured 4.2 connection? Seem like the pairing/connection/authentication have been highly confused with each other into Qt framework and Android API, it look like a huge ugly mess. Pairing != Authentication Connection != Pairing Connection != Authentication 1. Connection is the way to establish a link with the Bluetooth device, at that point you are on anonymous connection. 2. Authentication is the ability to make sure the connected device is the right one and you can accept or reject the device if it failed to authenticate. 3. Pairing is the act of avoiding the authentication to be needed again by keeping the previous negotiated authentication with the other device between connection. [36E56279] une compagnie [cid:[email protected]] RAPPROCHEZ LA DISTANCE Jérôme Godbout Développeur Logiciel Sénior / Senior Software Developer p: +1 (418) 800-1073 ext.:109 amotus.ca<http://www.amotus-solutions.com/> statum-iot.com<http://statum-iot.com/> [cid:[email protected]]<https://www.facebook.com/LesSolutionsAmotus/> [cid:[email protected]] <https://www.linkedin.com/company/amotus-solutions/> [cid:[email protected]] <https://twitter.com/AmotusSolutions> [cid:[email protected]] <https://www.youtube.com/channel/UCoYpQgsmj1iJZyDjTQ3x8Ig> _______________________________________________ Interest mailing list [email protected] https://lists.qt-project.org/listinfo/interest
