Hi,
I want to establish a secure connection with a peripheral BLE device via iOS 8 and on.
I want to make this connection as secure as possible using the standard BLE's 128bit AES encryption.
From the different key exchange methods that are available i can understand that:
1. "Just works" key exchange - not secure at all (any eavesdropper can hack this).
2."Passcode" key exchange - not secured enough (pass code is 6 digits - eavesdropper can brute force easily and get the AES key).
3."Out of Band" Key exhange - seems that this is strong (transferring the full 128bit key via other means besides BLE).
It look like that OOB (or similar) is the only secure method which BLE secured connection can be established.
My questions:
1.Is OOB can be used in IOS 8? I understood that the API for this is private and cannot be used in IOS. From my understanding , OOB relates to any method of key exchange besided BLE (e.g. NFC, WiFi , long number on a sticker) but in the several formus it seems that it relates only to NFC.
2.Can I change the encryption key myself? I would like to get a specific key from a third side server and insert it.
thanks,
Hagay.