DBus API clarification about security

DBus API clarification about security

[Zeno Endemann]

Hello,

I was trying to implement a BTLE Peripheral with characteristics only
accessible to paired devices.

IIUC for read/write characteristics, one is supposed to set the
"encrypt-read/write" org.bluez.GattCharacteristic1 "Flags" property, and
for notify/indicate characteristics the CCCD needs to have the
"encrypt-write" flags set instead. Is this correct?

The CCCD for a characteristic is apparently automatically generated by
bluez, so how is one supposed to override that? I tried to add a CCCD
manually to the example-gatt-server, like this:

class ClientCharacteristicConfigurationDescriptor(Descriptor):
    CCCD_UUID = '2902'
    def __init__(self, bus, index, characteristic):
        self.value = [dbus.Byte(0), dbus.Byte(0)]
        Descriptor.__init__(self, bus, index, self.CCCD_UUID,
                ['read', 'encrypt-write'], characteristic)
    def ReadValue(self, options):
        return self.value
    def WriteValue(self, value, options):
        self.value = value

But that didn't seem to work.

On that note, I wasn't really able to find documentation about those
flags (e.g. the difference between "encrypt-read",
"encrypt-authenticated-read", and "secure-read"). I assume these map
directly to some bluetooth specifications, which I have to admit not
knowing much about. But I was hoping to find some application developer
guidelines or similar publicly available documents, and not having to
study some long complicated specification first.

Any hints would be much appreciated.

Thanks,

-- 
Zeno Endemann | zeno.endemann@kdab.com | Software Engineer
KDAB (Deutschland) GmbH, a KDAB Group company
Tel: +49-30-521325470
KDAB - The Qt Experts