From owner-freebsd-bluetooth@FreeBSD.ORG Mon Sep 26 01:21:38 2005 Return-Path: X-Original-To: freebsd-bluetooth@freebsd.org Delivered-To: freebsd-bluetooth@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8659E16A420 for ; Mon, 26 Sep 2005 01:21:38 +0000 (GMT) (envelope-from maksim.yevmenkin@savvis.net) Received: from mta9.adelphia.net (mta9.adelphia.net [68.168.78.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7EC043D4C for ; Mon, 26 Sep 2005 01:21:37 +0000 (GMT) (envelope-from maksim.yevmenkin@savvis.net) Received: from [192.168.1.254] (really [70.32.199.60]) by mta9.adelphia.net (InterMail vM.6.01.04.01 201-2131-118-101-20041129) with ESMTP id <20050926012136.KSXW24716.mta9.adelphia.net@[192.168.1.254]>; Sun, 25 Sep 2005 21:21:36 -0400 Message-ID: <43374D24.7010701@savvis.net> Date: Sun, 25 Sep 2005 18:21:40 -0700 From: Maksim Yevmenkin User-Agent: Mozilla Thunderbird 0.7.1 (Windows/20040626) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Vance Shipley References: <20050925225336.GA2110@feeble.motivity.ca> In-Reply-To: <20050925225336.GA2110@feeble.motivity.ca> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-bluetooth@freebsd.org Subject: Re: Is encryption supported? X-BeenThere: freebsd-bluetooth@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Using Bluetooth in FreeBSD environments List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2005 01:21:38 -0000 Vance Shipley wrote: > I am looking for a way to turn on encryption. Apparently the > gnubox application, which I need to get my Nokia 6620 doing > TCP/IP over bluetooth, insists on enabling encryption. > > I have tried: > > $ hccontrol -n ubt0hci write_encryption_mode 1 > $ hccontrol -n ubt0hci read_encryption_mode > Encryption mode: Only for point-to-point packets [0x1] if i'm not mistaken, the specification says that encryption will be enabled if connection authentication enabled as well, so you need # hccontrol -n ubt0hci write_authentication_enable 1 # hccontrol -n ubt0hci write_encryption_mode 1 you also need to make sure hcsecd(8) is running and you have paired your phone and pc. keep in mind that after you issue these commands freebsd will want to authenticate _all_ baseband connections. > However when I look at a connection I see it is not encrypted: > > $ hccontrol -n ubt0hci read_connection_list > Remote BD_ADDR Handle Type Mode Role Encrypt Pending Queue State > Nokia6620 7 ACL 0 MAST NONE 0 0 OPEN > > I see that Linux has a flag in /etc/bluetooth/hcid.conf to turn > on encryption. It also has a -encrypt command line option to dund. > > Is this a limitation with FreeBSD? well, somewhat. freebsd does not yet support for authenticating and/or encrypting _individual_ connection on request. you can turn authentication and/or encryption on/off globally with hccontrol(8). link authentication and encryption is really silly (kinda like WEP). if you really want encryption you should not use bluetooth. i'm not even sure why your application insists on it. bluetooth connections usually have short life time, devices have to be in rf proximity (10 meters) and you cant sniff/spoof bluetooth traffic with of-the-shelf (cheap) devices (or at least i do not know the way to do it :) thanks, max