smartphone esp32 ble communcation and encryption

[blekyo]

Hi,
I'm quite new on the ble communcation. What I am trying to do is to create a gatt server with the esp32, which is working with the different example provided. What I'm struggling to do is to create a custom service and characteristic on my gatt server and also to encrypt the communication. Something like a common encryption key on both smartphone and esp32 gatt server in order to secure the communication, so only the gatt server itslef and the smartphone can understand each other.
Any suggestion or lead to make it happened would be really appreciate.
Thanks

[espiot]

Once connected, the encryption is taken care by the BLE stack. The SDK example such as spp server can help to create your own GATT servers. I found web Bluetooth is the easiest to work with as the client. Good luck.

[bschwind]

Is there anywhere I can read about the encryption used? I'm developing a device which uses BLE for a part of its operation and I want to have my bases covered and make sure I'm using it properly.

Right now the blufi example uses its own diffie-helman key exchange and encryption on top of BLE. espiot, are you saying that is unnecessary while using the BLE stack?

[blekyo]

Hi,
@espiot, if I'm not mistaken, "web Bluetooth" is no yet released and if you want to use it, the end user need to do a lot of steps by himself.

@bschwind, from my understanding, if you pair or bond with your device, the encryption of the data sent is not really needed because it's already handled by exchanging keys after connection.
But if you communicate with your esp32 only by "connection", I think an encryption of data is needed. There is no real documentation with explained example but you can have a look on blufi example, you can reuse the same process to do your encryption with the "mbedtls" library.

Hope it help you