Reply To: DESFire EV1 SelectApplication Command


Re: DESFire EV1 SelectApplication Command

9. March 2016 at 11:00
Hi Jan,

First of all: you should reserve the master key (initially it is key #0) only for “card administration tasks” and create new keys for the access permissions of your files. It is a serious use case that you have to delegate the application management to a third party and you want to limit the activities of the third party to the application management only and not allow them to reformat the entire card! Therefore you, as card issuer, will never give the master key out of your hands.

The changeKey() command initializes a key with a new value. Before you can change the new key destination you have to prove that you have the rights to do this. Therefore you have to authenticate beforehand with the previous key value, which is, for a blank MIFARE DESFire EV1, the value 00…00. This approach protects the key in case it is in use by another application. So you cannot overwrite keys without authorization!

After creating the application, you select this application AID to redirect all file actions. Then you authenticate to key #1 with 00…00 if it was never used before, and then you replace the default key value with the new key value.

The MIFARE DESFire EV1 supports the following ciphers:
Single DES (56 bit), 2-key triple DES (2K3DES, 112 bit), 3-key triple DES (3K3DES, 168 bit) and AES (128 bit). Which cipher you select depends on the infrastructure of your reader station and of course on your preferences. You can mix the ciphers on the card, e.g. 2K3DES for one file and AES for another.

+ 0  |  - 0
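
The key-separation advice in the reply above can be checked before a layout is written to cards. This is an added example, not part of the original post or of any vendor code: it flags keys still at the 00…00 default and file access rights that point at master key #0. It assumes the commonly documented 16-bit file access-rights word (read, write, read&write, change-access-rights fields from high to low nibble; 0xE free, 0xF deny); function names and sample values are constructed.

```python
# Added example: audit a planned DESFire EV1 application key layout.
FREE, DENY = 0xE, 0xF   # access-right fields that do not name a key
MASTER_KEY_NO = 0       # key #0: reserved for administration, per the post
RIGHTS = ("read", "write", "read_write", "change_access_rights")

def decode_access_rights(word):
    """Split a 16-bit access-rights word into its four 4-bit fields."""
    if not 0 <= word <= 0xFFFF:
        raise ValueError("access rights must fit in 16 bits")
    return {name: (word >> shift) & 0xF
            for name, shift in zip(RIGHTS, (12, 8, 4, 0))}

def audit_application(keys, files):
    """keys: list of key values (bytes), index = key number.
    files: {file_no: access-rights word}. Returns a list of findings."""
    findings = []
    for key_no, value in enumerate(keys):
        if not any(value):  # every byte is 0x00: blank-card default
            findings.append(f"key #{key_no} still has the default value")
    for file_no, word in sorted(files.items()):
        for right, field in decode_access_rights(word).items():
            if field in (FREE, DENY):
                continue
            if field == MASTER_KEY_NO:
                findings.append(f"file {file_no}: {right} uses master key #0")
            elif field >= len(keys):
                findings.append(f"file {file_no}: {right} names missing key #{field}")
    return findings

# Constructed sample: three 16-byte keys, two still at the blank-card default.
SAMPLE_KEYS = [bytes(16), bytes(range(1, 17)), bytes(16)]
SAMPLE_FILES = {
    1: 0x1222,  # read=key 1, everything else key 2
    2: 0xE010,  # read=free, write=key 0, read_write=key 1, change=key 0
    3: 0x5FFF,  # read=key 5 (not defined), rest denied
}

if __name__ == "__main__":
    for finding in audit_application(SAMPLE_KEYS, SAMPLE_FILES):
        print(finding)
```
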