How to encrypt data using BLE connection using Bluez5.50
Problem description
I'm working on a C++ project that deals with data transmission. My system is composed of two different devices, that have to exchange sensitive data in a trusted mode. To do this I downloaded and set up the last bluez library (v5.50) on my Raspberry Pi.
- Is it possible to enable data encryption using the bluez API?
Googling around the possibility of using the BLE encryption mechanism, I found discordant opinions. Some suggest using it while others discourage it in favor of application-level encryption exploiting, for instance, the Crypto++ library.
- Which is the best solution?
Thanks
Recommended answer
My recommendation is to always have the connection encrypted. Please see this answer which explains the benefits and importance of encrypted connections vs open connections.
In regards to encrypted connections, you can easily do this by pairing with a device. In BLE, pairing allows connection packets to be encrypted. Using BlueZ, you can easily do this from the command line using the bluetoothctl command as follows:-
bluetoothctl
[bluetoothctl] connect 00:11:22:33:44:55
[bluetoothctl] pair 00:11:22:33:44:55
Beforehand, please ensure that your BlueZ device can perform/accept connections and pairing as follows:-
btmgmt connectable on
btmgmt bondable on
btmgmt io-cap 3
The last command sets your IO capability to NoInputNoOutput, but you can change this to one of the following values:-
0 DisplayOnly
1 DisplayYesNo
2 KeyboardOnly
3 NoInputNoOutput
4 KeyboardDisplay
However, if you do that, you will need to pass the equivalent command line option when launching bluetoothctl as follows:-
bluetoothctl --agent KeyboardOnly
bluetoothctl --agent KeyboardDisplay
bluetoothctl --agent NoInputNoOutput
bluetoothctl --agent DisplayOnly
If you want to view the underlying API for this, please have a look at the BlueZ source code, and you can start with client/main.c for the connection and pairing commands.
Finally, as Solomon Slow indicated, if you are promising the protection of sensitive data then you should definitely go for multi-level encryption. In other words, the link should be encrypted, as well as the data before being sent in the software, and if your device supports hardware-level encryption, then do that as well.
For further reading on BLE Encryption, please visit the Bluetooth Specification Version 5.0, Vol 2, Part H, Section 1: Security Overview.
I hope this helps.
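An added example, not part of the original answer and not BlueZ code: which LE pairing method results from the two devices' IO capabilities, using the numbers from the `btmgmt io-cap` list above and the IO-capability mapping in the Bluetooth Core Specification. The function and type names are hypothetical, and it assumes no OOB data and that MITM protection is requested. It shows that value 3 (NoInputNoOutput) on either side always yields Just Works, which encrypts the link but does not authenticate the peer.

```cpp
#include <cstdio>

// IO capability numbers as accepted by `btmgmt io-cap` (values from the list above).
enum IoCap { DisplayOnly = 0, DisplayYesNo = 1, KeyboardOnly = 2,
             NoInputNoOutput = 3, KeyboardDisplay = 4 };

enum Model { JustWorks, PasskeyEntry, NumericComparison };

static bool has_keyboard(IoCap c) { return c == KeyboardOnly || c == KeyboardDisplay; }
static bool can_confirm(IoCap c)  { return c == DisplayYesNo || c == KeyboardDisplay; }

// Hypothetical helper (not a BlueZ API): pairing method selected for two IO
// capabilities. Assumes no OOB data and that MITM protection is requested;
// otherwise Just Works is used regardless of IO capabilities.
Model pairing_model(IoCap initiator, IoCap responder, bool secure_connections) {
    if (initiator == NoInputNoOutput || responder == NoInputNoOutput)
        return JustWorks;                      // nothing to show or type
    if (secure_connections && can_confirm(initiator) && can_confirm(responder))
        return NumericComparison;              // LE Secure Connections only
    if (has_keyboard(initiator) || has_keyboard(responder))
        return PasskeyEntry;                   // passkey typed on at least one side
    return JustWorks;                          // displays only, no keyboard on either side
}

// Just Works encrypts the link but gives no protection against a MITM during pairing.
bool mitm_protected(Model m) { return m != JustWorks; }

const char *model_name(Model m) {
    switch (m) {
        case PasskeyEntry:      return "Passkey Entry";
        case NumericComparison: return "Numeric Comparison";
        default:                return "Just Works";
    }
}

int main() {
    const char *names[] = {"DisplayOnly", "DisplayYesNo", "KeyboardOnly",
                           "NoInputNoOutput", "KeyboardDisplay"};
    for (int sc = 0; sc <= 1; ++sc)
        for (int a = 0; a <= 4; ++a)
            for (int b = 0; b <= 4; ++b) {
                Model m = pairing_model(static_cast<IoCap>(a), static_cast<IoCap>(b), sc != 0);
                std::printf("%s %-15s + %-15s -> %-18s MITM protection: %s\n",
                            sc ? "SC    " : "legacy", names[a], names[b],
                            model_name(m), mitm_protected(m) ? "yes" : "no");
            }
    return 0;
}
```

For a link that carries sensitive data, the rows marked "no" are the ones where the application-level encryption recommended in the answer has to carry the authentication.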