The hcsecd daemon controls link keys and PIN codes for Bluetooth devices. It opens raw HCI socket and listens for the Link_Key_Request, PIN_Code_Request and Link_Key_Notification HCI events.
Once Link_Key_Request or PIN_Code_Request HCI event is received, the daemon will scan configuration file for matching entry. The remote device BD_ADDR is used as a key. If no matching entry was found, the default entry will be used. If no default entry was found then it is assumed that no link key and no PIN code exists. For any given entry, link key takes precedence over PIN code. If link key was not specified, it means device must generate link key from PIN code. If entry was found and the link key (or PIN code) exists then the Link_Key_Request_Reply (or PIN_Code_Request_Reply) command will be sent back to the device. Otherwise, the Link_Key_Request_Negative_Reply (or PIN_Code_Request_Negative_Reply) command will be sent back to the device.
The hcsecd daemon also handles HCI Link_Key_Notification event and caches link keys created from the PIN codes in the memory. To preserve link keys between restarts the hcsecd daemon dumps link keys for all entries in the /var/db/hcsecd.keys link keys file. If exists, the link keys file gets processed by hcsecd daemon after it processes its main configuration file. The link keys file gets written every time hcsecd daemon is gracefully shutdown. It is possible to force hcsecd daemon to re-read its main configuration file and dump link keys file by sending HUP signal to the hcsecd process. User is not expected to modify link keys file by hand.
The command line options are as follows: