Encrypting The Data Transmission
Data encryption begins with encrypting the link. The Session Key (SK) is created using a session key diversifier (SKD). The first step in creating a SK is for the master device to send Link Layer encryption request message (LL_ENC_REQ) that contains the SKDmaster. The SKDmaster is generated using the LTK. The slave receives SKDmaster, generates SKDslave, and generates SK by concatenating parts of SKDmaster and SKDslave. The slave device responds with an encryption response message (LL_ENC_RSP) that contains SKDslave; the master will create the same SK.
Now that a SK has been calculated, the master and slave devices will now begin a handshake process. The slave will transmit unencrypted LL_START_ENC_REQ, but sets the slave to receive encrypted data using the recently calculated SK. The master responds with encrypted LL_START_ENC_RSP that uses the same SK just calculated and setting the master to receive encrypted data. Once the slave receives the master’s encrypted LL_START_ENC_RSP message and responds with an encrypted LL_START_ENC_RSP message the Bluetooth low energy devices can now begin transmitting and receiving encrypted data.