diff --git a/adapter_nrf528xx-full.go b/adapter_nrf528xx-full.go
index 64dc9542..27015e95 100644
--- a/adapter_nrf528xx-full.go
+++ b/adapter_nrf528xx-full.go
@@ -99,8 +99,33 @@ func handleEvent() {
 		case C.BLE_GAP_EVT_PHY_UPDATE_REQUEST:
 			phyUpdateRequest := gapEvent.params.unionfield_phy_update_request()
 			C.sd_ble_gap_phy_update(gapEvent.conn_handle, &phyUpdateRequest.peer_preferred_phys)
+		case C.BLE_GAP_EVT_AUTH_STATUS:
+			// here we get auth response
+			// TODO: save keys to flash for pairing/bonding
 		case C.BLE_GAP_EVT_PHY_UPDATE:
-			// ignore confirmation of phy successfully updated
+		// ignore confirmation of phy successfully updated
+		case C.BLE_GAP_EVT_SEC_PARAMS_REQUEST:
+			if debug {
+				println("evt: security parameters request")
+			}
+			// would assume this depends on the role,
+			// as for central we need to call sd_ble_gap_authenticate after connection esteblished instead
+
+			// in general key can be null, i would assume in our case we need to read it from flash here
+			// so we we do not reapprove bonding
+			errCode := C.sd_ble_gap_sec_params_reply(gapEvent.conn_handle, C.BLE_GAP_SEC_STATUS_SUCCESS, &secParams, &secKeySet)
+			if errCode != 0 {
+				println("security parameters response failed:", Error(errCode).Error())
+				return
+			}
+			if debug {
+				println("successfully established security parameters exchange")
+			}
+
+		case C.BLE_GAP_EVT_LESC_DHKEY_REQUEST:
+		// TODO: for LESC connection implementation
+		// 	peerPk := eventBuf.evt.unionfield_gatts_evt()
+		// 	sd_ble_gap_lesc_dhkey_reply(gapEvent.conn_handle, ble_gap_lesc_dhkey_t const *p_dhkey))
 		default:
 			if debug {
 				println("unknown GAP event:", id)
diff --git a/adapter_nrf528xx.go b/adapter_nrf528xx.go
index 7c47f4ec..1a405bf0 100644
--- a/adapter_nrf528xx.go
+++ b/adapter_nrf528xx.go
@@ -19,6 +19,50 @@ import (
 	"unsafe"
 )
 
+// TODO: Probably it should be in adapter_sd, but as it's usage is added only for nrf528xx-full.go
+// as well as i do not have other machines to test, adding it here for now
+
+type GapIOCapability uint8
+
+const (
+	DisplayOnlyGapIOCapability     = C.BLE_GAP_IO_CAPS_DISPLAY_ONLY
+	DisplayYesNoGapIOCapability    = C.BLE_GAP_IO_CAPS_DISPLAY_YESNO
+	KeyboardOnlyGapIOCapability    = C.BLE_GAP_IO_CAPS_KEYBOARD_ONLY
+	NoneGapIOCapability            = C.BLE_GAP_IO_CAPS_NONE
+	KeyboardDisplayGapIOCapability = C.BLE_GAP_IO_CAPS_KEYBOARD_DISPLAY
+)
+
+var (
+	secParams = C.ble_gap_sec_params_t{
+		min_key_size: 7, // not sure if those are the best default length
+		max_key_size: 16,
+	}
+
+	secKeySet C.ble_gap_sec_keyset_t = C.ble_gap_sec_keyset_t{
+		keys_peer: C.ble_gap_sec_keys_t{
+			p_enc_key:  &C.ble_gap_enc_key_t{},   /**< Encryption Key, or NULL. */
+			p_id_key:   &C.ble_gap_id_key_t{},    /**< Identity Key, or NULL. */
+			p_sign_key: &C.ble_gap_sign_info_t{}, /**< Signing Key, or NULL. */
+			p_pk:       &C.ble_gap_lesc_p256_pk_t{},
+		},
+		keys_own: C.ble_gap_sec_keys_t{
+			p_enc_key:  &C.ble_gap_enc_key_t{},   /**< Encryption Key, or NULL. */
+			p_id_key:   &C.ble_gap_id_key_t{},    /**< Identity Key, or NULL. */
+			p_sign_key: &C.ble_gap_sign_info_t{}, /**< Signing Key, or NULL. */
+			p_pk:       &C.ble_gap_lesc_p256_pk_t{},
+		},
+	}
+)
+
+// are those should be methods for adapter as they are relevant for sd only
+func SetSecParamsBonding() {
+	secParams.set_bitfield_bond(1)
+}
+
+func SetSecCapabilities(cap GapIOCapability) {
+	secParams.set_bitfield_io_caps(uint8(cap))
+}
+
 //export assertHandler
 func assertHandler() {
 	println("SoftDevice assert")