2 Pairing types and Auth Key
Petr Vaněk edited this page 2 weeks ago

There are several types of Bluetooth pairing machanism: Legacy Pairing and Secure Simple Pairing (SSP)

Legacy Pairing

Each device must enter a PIN code; pairing is only successful if both devices enter the same PIN code.

As for Gadgetbridge, devices just ask for confirmation/number during pairing, this is all.

Secure Simple Pairing (SSP)

SSP pairing is centered around a shared secret between 2 Bluetooth devices.

MAC Address remembering

  • the watch just remembers phone's BT MAC address as the shared secret

Application determined secret

  • The key is determined by the App (eg. Gadgetbridge, where we call it Auth Key), sent to the watch and then stored there
  • The key can be changed in the watch by re-pairing in Gadgetbridge, that means:
    • keep the device in Gadgetbridge, disconnect ot by long-press on device name in Gadgetbridge main screen
    • remove (unpair) the watch from Android phone Bluetooth pairing (if paired)
    • change the Gadgetbridge Auth Key (Gadgetbridge → Device → Settings → Auth Key) (if you erase the key, Gadgetbridge will generate new unique key)
    • press the + Add new device floating button
    • select the device and confirm the pairing on the watch

Re-using the Auth Key between multiple phones

If you use (copy/paste) the same Auth Key in several Gadgetbridge apps on different mobile devices (phones, tablets), all of them will be able to connect to your device and fetch data.

Vendor determined secret, aka server based pairing

Instead of the app deciding/generating the key, the vendor decides what this key is. For example for Huami devices, since the Bip Lite the key is generated by Huami servers and CANNOT be be decided by Gadgetbridge. This is based on signing, the server signs a random number FROM the watch with a UNKNOWN secret key under their control hidden away. IIRC the key is derived from the signature and the signature is checked by the watch.

In Gadgetbridge, this means that you must first obtain the secret, before you can pair your watch with Gadgetbridge. See more details in Server based pairing article.