Hi all,
Just a quick writeup on the difference between pairing and bonding, since these terms get used interchangeably. I think this has to do with the usage of ‘pairing’ in Bluetooth Classic, or BR/EDR.
As far as Bluetooth LE is concerned, pairing and bonding are two very distinct things. The short explanations are that pairing is the exchange of security features each device has, and creating temporary encryption. Bonding is the exchange of long term keys AFTER PAIRING HAS OCCURRED, and STORING THOSE KEYS FOR LATER USE. Pairing is not the creation of permanent security between devices, that is called bonding. Pairing is the mechanism that allows bonding to occur.
Pairing
Pairing is the exchange of security features. This includes things like i/o capabilities, requirement for man-in-the-middle protection, etc. The client side begins this exchange. The client essentially says ‘hey, i’d like it if you had these features’. The server replies, ‘yeah, well, this is what I can do’. Once this exchange is made, the security that will be used has been determed. For example, if a server supports just noInput/noOutput for i/o capabilities, the Just Works pairing mechanism is going to be used.
Once the pairing feature exchange is complete, a temporary security key is exchanged and the connection is encrypted, but only using the temporary key. In this encrypted connection, long term keys are exchanged. These keys are things like the (long term) encryption key to encrypt a connection, and also things like a digital signature key. The exact keys exchanged are determined by the security features of each device.
Bonding
This really just means that after the pairing features exchange and the connection has been encrypted (these two together are called ‘pairing’), and keys have been exchanged, the devices STORE and USE those keys the next time they connect. Keys can be exchanged using the bonding procedure, but that does not mean they are bonded if the keys are not stored and used the next time.
If a device is bonded with another device, like a heart rate monitor and a smartphone, they can encrypt the connection without exchanging any sensitive security information. When the smartphone connects to the heart rate monitor, it can just issue a ‘turn on encryption’ request, and both sides will use the keys already stored, so nobody snooping can see a key exchange and therefore decode the messages being sent, as is done when pairing.
Hope that clarifies!
Pirate Comm 
Thanks! It’s worth for me!
Thank you!
thank you that is helpful
Very good article about the difference between pairing and bonding. Was great help to me! Thanks!
Perfect explanation!
10/10, Thanks for writing this. Concise and clear explanation.
Excellent explanation!
Can we have pairing without bonding?
Yes, you can. “pairing” is performing the pairing process which provides an exchange of some security-related feature support, then an authentication step (except for Just Works pairing), followed by enabling of temporary encryption. At that point, pairing is complete. After that, if long term keys are exchanged to be used the next time a connection is made, and those keys are saved by the devices, they have “bonded”.
NOTE, however, that in almost all implementations the devices bond after they pair. It is just accepted that basically everybody does this, which is probably why the terms get confused because to the end user, they look like the same thing.
does pairing occour again (at everyconnection) if devices are already bonded ?
no, it does not. Instead, the master will send an ‘encryption request’ that is part of a different layer of the stack (LE Controller volume link layer – this request does not involve the security manager or GAP layers)
If that fails, then it is known that one side has deleted their bonding information and they need to go through the pairing process to bond again.
Thank you very much for writing this!
I’m wondering if bonding is required for something like OTA firmware update? Or is it just recommended for better security?
Hello Lecila,
I’m not aware of any official Bluetooth specification for OTA upgrades, which means that it is proprietary to each manufacturer. I would assume they would require a bond, but you’ll have to check how it works in each case.
Since its proprietary, a lot more will vary than just bonding behavior. Characteristics involved, commands used, etc. Usually a radio vendor would provide a utility that will just ‘make it go’.
Fyi, the list of official specifications for bluetooth is located here https://www.bluetooth.com/specifications/adopted-specifications
So are you saying that encryption over BLE happens for both – pairing and bonding – regardless?
Yes, but they do not use the same encryption KEYS. The sequence goes like:
– pairing happens and one thing that occurs during pairing is a temporary key is exchanged
– that key is used to encrypt the connection
– additional information is exchanged including exchanging a long-term key
– both sides save the long term key, and THIS is the part that is bonding
Thank you. Nice explanation.
thanks a lot
Now if only we could get everybody to use these terms correctly! Even Google uses them basically interchangeably in the Android documentation.
One question: can BLE devices communicate without pairing? Is this a common thing?
Yes, they can. you can have no encryption, you can pair without bonding (which is weird, but it can be done), and you can bond. I think most people just bond, it’s mostly a function of the radio module or source library they’re using. A lot of the detail gets glossed over when you’re using a pre-certified radio module or software library. You just set options to yes and no and go on your way. So my suspicion is that most people just set a yes/no for encryption and that’s the most level of detail things go to.
It’s completely crazy how misunderstood the terms are. I only wrote two articles for this blog a few years ago but I keep thinking about starting it again because it seems that it’s still useful. Thanks for reading.
“When the smartphone connects to the heart rate monitor, it can just issue a ‘turn on encryption’ request”
is it the “connect” stage? if so, can only the central send a connect request for the peripheral or it can be done from each one?
I havent read the 5.0 spec for any changes related to this, but a peripheral can issue a ‘slave security request’ that will trigger the central to turn on encryption or of they have not bonded, initiate the pairing sequence.
Its a great article. Looks like everything here holds true in IOS. Anything different in ANDROID ? I have never seen a pairing request dialog in android. Thanks.
Hard to say. I’ve been away from it for awhile but not all android implementations work the same.