IRK and ERK what are those? what do they affect?
Question
IRK and ERK appear as constants in my ST BLE device project code example.
/**
* Identity root key used to derive LTK and CSRK
*/
#define CFG_BLE_IRK {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0}
/**
* Encryption root key used to derive LTK and CSRK
*/
#define CFG_BLE_ERK {0xFE, 0xDC, 0xBA, 0x09, 0x87, 0x65, 0x43, 0x21, 0xFE, 0xDC, 0xBA, 0x09, 0x87, 0x65, 0x43, 0x21}
static const uint8_t BLE_CFG_IR_VALUE[16] = CFG_BLE_IRK;
static const uint8_t BLE_CFG_ER_VALUE[16] = CFG_BLE_ERK;
aci_hal_write_config_data(CONFIG_DATA_IR_OFFSET,
CONFIG_DATA_IR_LEN,
(uint8_t*) BLE_CFG_IR_VALUE);
aci_hal_write_config_data(CONFIG_DATA_ER_OFFSET,
CONFIG_DATA_ER_LEN,
(uint8_t*) BLE_CFG_ER_VALUE);
Wandering if those need to be different between devices? eg, In case of producing thousand devices with that code, do I keep them values constant or do I randomize them?
1 answers
solution1
1 2022-05-10 08:13:23
You need to randomize them with a cryptographically secure random number generator. The data should stay persistent as long as at least one bond exists.
If you don't randomize the IRK, multiple devices will incorrectly be identified as the same device.
For the other keys you will lose security if you reuse keys.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.