I'm working on a C++ project that deals with data transmission. My system is composed of two different devices, that have to exchange sensitive data in a trusted mode. To do this I downloaded and set up the last bluez library (v5.50) on my Raspberry Pi.
- Is there any possibility to enable data encryption using the bluez API?
Googling around the possibility to use the BLE encryption mechanism I found discordant opinions. Someone suggests using it while others one discourage it in favor of application-level encryption exploiting, for instance, the Cripto++ library.
- Which is the best solution?
Thanks
My recommendation is to always have the connection encrypted. Please see this answer which explains the benefits and importance of encrypted connections vs open connections.
In regards to encrypted connections, you can easily do this by pairing with a device. In BLE, pairing allows connection packets to be encrypted. Using BlueZ, you can easily do this from the command line using the bluetoothctl command as follows:-
Beforehand, please ensure that your BlueZ device can perform/accept connections and pairing as follows:-
The last command sets your IO capability to NoInputNoOutput, but you can change this to one of the following values:-
However, if you do that, you will need to pass the equivalent command line option when launching bluetoothctl as follows:-
If you want to view the underlying API for this, please have a look at the BlueZ source code, and you can start with client/main.c for the connection and pairing commands.
Finally, as Solomon Slow indicated, if you are promising the protection of sensitive data then you should definitely go for multi-level encryption. In other words, the link should be encrypted, as well as the data before being sent in the software, and if your device supports hardware-level encryption, then do that as well.
For further reading on BLE Encryption, please visit the Bluetooth Specification Version 5.0, Vol 2, Part H, Section 1: Security Overview.
I hope this helps.