How to encrypt/decrypt API frames sent over Bluetooth

I am developing a React Native app (Javascript) that connects to an XBee3 over Bluetooth. I have successfully authenticated using SRP and now I need to send an AT Command request.

First: I assume that I encrypt the entire frame (including start byte and checksum). Is that correct?

Second: I have the Tx nonce value and I’m trying to understand the correct way to use it in the AES CTR mode encryptor. My current understanding is that it’s a 16-length byte array where the first 12 bytes are the nonce and the remaining 4 bytes are the zero-padded integer, i.e.

Nonce (12 bytes) Counter (4 bytes)

3b cf 74 55 d4 37 27 6c 0e 13 ce 60 00 00 00 01

Is this correct?

I am not sure where you are thinking that you need to use AES encryption on the BLE interface.

As for sample code, there is code in the Java Libraries.

XBee3 Pro Manual, page 315: “Upon completion of M2 verification, the session key has been determined to be correct and the API service is unlocked and will allow additional API frames to be used. Content from this point will be encrypted using AES-256-CTR with the following parameters…”

I verified that 1) is correct and 2) is also correct.

That is on page 316.

I did followed this repository and I am able to send frames using BLE on react native.

I assume that both options work.

Regards, Mary
site link

Thank you for the answers. this saved my time :slight_smile: