Concepts

Bluetooth security: Pairing devices

What is "Pairing"?

A device is very often required to authenticate itself when it wants to access a service. In that case the two devices need to be paired. When two devices are paired, they can be sure about the identity of the other party. Without pairing, you would have to rely on the address or name of the other device, which can be faked easily.

Pairing usually happens once between two devices. After pairing, connections between the two devices will be authenticated automatically.

Usually the pairing process will be started automatically when it is needed. You do not have to worry about a device not being paired if you want to access its services. If the devices try to authenticate but fail, the pairing process will be started automatically.

How does it work?

Devices are paired to be sure about the identity of the other side. But the first step can't be done automatically. You have to make sure that you know who wants to pair with your device. This is done by entering a "PIN" number in both devices.

The term "PIN" is widely used, but misleading. It is not the type of PIN you have to enter to get money from a cash machine. You don't have to remember it. And after (!) the pairing is done you don't have to keep it secret. You only have to make sure that nobody else knows that number until you (or you two) have entered it in each device.

To be on the safe side, you should not only keep the PIN secret during the pairing process, but you should also use a random number, which can't be guessed easily. TDE Bluetooth assists you here by creating an 8-digit random number itself if possible. You can also use characters for a PIN, but then you might have problems entering it into the PIN dialog on a mobile phone.

The PIN helper

But where should the PIN be entered? As noted before, the devices will simply ask you for the PIN when it is needed. For BlueZ, things are a bit more complicated. There are several ways for BlueZ to get the PIN number from the user. TDE Bluetooth makes it simple by offering an Authentication Agent that interacts with the Bluetooth subsystem and offers dialogs to confirm or fill in the PIN. Please see the setup instructions on how to set up the PIN helper and what to do if it doesn't work.

Managing paired devices

After you have paired many devices you might ask yourself which devices are paired and which are not. You may also want to remove a pairing.

First, no device can ever know for sure with which devices it is paired. When two devices are paired, they share a secret link key, which was created during the pairing process based on the PIN number and some other ingredients. Because the other side may decide to delete a link key without notice, having a link key for a given device doesn't guarantee that the link key on the other side still exists. If one link key is gone, the pairing does not exist anymore. Of course you can be sure that you are not paired with a device if you don't have a link key for it.

So how can link keys be removed? That depends on the device. Most phones or PDAs have a list of "paired" or "trusted" devices, from which you can remove single items. In TDE Bluez you can remove the device by opening "Devices..." and then selecting and deleting the device.

There is a special annoyance when you frequently switch between different operating systems that both use Bluetooth (usually Linux<->Windows): when you pair your phone under Linux and then boot Windows, Windows will know nothing about the link keys managed by BlueZ. So it appears as if the computer has dropped the link key and you will have to pair again. Depending on your device it might not even be possible to pair again without first removing the "old" link key on the device.
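
The local half of the link-key check described above can be audited directly on the Linux side. The following is an added example, not part of TDE Bluetooth or the original handbook: it assumes the BlueZ 5 storage layout (/var/lib/bluetooth/<adapter address>/<device address>/info with a [LinkKey] section), and the function names and sample addresses are constructed for illustration. It reports which devices have a stored link key without ever returning the key itself.

```python
import configparser
import re
import tempfile
from pathlib import Path

# Assumption: BlueZ 5 layout, <root>/<adapter address>/<device address>/info,
# with classic (BR/EDR) link keys kept in a [LinkKey] section of that file.
BLUEZ_ROOT = Path("/var/lib/bluetooth")
ADDR = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$")


def list_pairings(root=BLUEZ_ROOT):
    """Return (adapter, device, name, has_link_key) for every known device.

    Only the presence of a key is reported; its value is never returned.
    """
    rows = []
    for info in sorted(Path(root).glob("*/*/info")):
        adapter, device = info.parts[-3], info.parts[-2]
        if not (ADDR.match(adapter) and ADDR.match(device)):
            continue  # ignore anything that is not an address directory
        cfg = configparser.ConfigParser(interpolation=None, strict=False)
        cfg.optionxform = str  # keep key names case-sensitive, as written
        cfg.read(info, encoding="utf-8")
        name = cfg.get("General", "Name", fallback="(unknown)")
        has_key = cfg.has_option("LinkKey", "Key")
        rows.append((adapter, device, name, has_key))
    return rows


def build_sample(root):
    """Constructed sample data: one paired phone, one device without a key."""
    adapter = Path(root) / "00:11:22:33:44:55"
    paired = adapter / "AA:BB:CC:DD:EE:01"
    unpaired = adapter / "AA:BB:CC:DD:EE:02"
    paired.mkdir(parents=True)
    unpaired.mkdir(parents=True)
    (paired / "info").write_text(
        "[General]\nName=Sample Phone\n\n"
        "[LinkKey]\nKey=00000000000000000000000000000000\nType=4\nPINLength=0\n"
    )
    (unpaired / "info").write_text("[General]\nName=Sample Headset\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for adapter, device, name, has_key in list_pairings(tmp):
            state = "link key stored" if has_key else "no link key"
            print(f"{adapter} -> {device} ({name}): {state}")
```

Run against the real storage directory (readable by root only), a device listed with "no link key" is definitely not paired from this side, while "link key stored" still says nothing about whether the other device has kept its copy.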