diff --git a/src/ble/sm.c b/src/ble/sm.c
index 6916fc544..f4ff4141e 100644
--- a/src/ble/sm.c
+++ b/src/ble/sm.c
@@ -1276,14 +1276,23 @@ static void sm_key_distribution_handle_all_received(sm_connection_t * sm_conn){
             le_device_db_remote_counter_set(le_db_index, 0);
         }
 
-        // store encryption information if a) secure connections or b) peer LTK, EDIV, RAND have been received
-        if ((setup->sm_use_secure_connections)
-            || (  (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION)   
-               && (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_MASTER_IDENTIFICATION ))){
+        // store encryption information for secure connections: LTK generated by ECDH
+        if (setup->sm_use_secure_connections){
+            log_info("sm: store SC LTK (key size %u, authenticatd %u)", sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated);
+            uint8_t zero_rand[8];
+            memset(zero_rand, 0, 8);
+            le_device_db_encryption_set(le_db_index, 0, zero_rand, setup->sm_ltk, sm_conn->sm_actual_encryption_key_size,
+                sm_conn->sm_connection_authenticated, sm_conn->sm_connection_authorization_state == AUTHORIZATION_GRANTED);
+        } 
+
+        // store encryption infromation for legacy pairing: peer LTK, EDIV, RAND
+        else if ( (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION)   
+               && (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_MASTER_IDENTIFICATION )){
             log_info("sm: set encryption information (key size %u, authenticatd %u)", sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated);
             le_device_db_encryption_set(le_db_index, setup->sm_peer_ediv, setup->sm_peer_rand, setup->sm_peer_ltk,
                 sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated, sm_conn->sm_connection_authorization_state == AUTHORIZATION_GRANTED);
-        }                
+
+        }
     }
 
     // keep le_db_index
@@ -1393,11 +1402,6 @@ static void sm_sc_cmac_done(uint8_t * hash){
             sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F5_LTK;
             break;            
         case SM_SC_W4_CALCULATE_F5_LTK:
-            // store data for later key storage
-            setup->sm_peer_ediv = 0;
-            memset(setup->sm_peer_rand, 0, 8);
-            memcpy(setup->sm_peer_ltk, hash, 16);
-            // store generated LTK and continue
             memcpy(setup->sm_ltk, hash, 16);
             sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F6_FOR_DHKEY_CHECK;
             break;