Reply To: DesfireFire Personalization, Authentication

Forum MIFARE SDK DesfireFire Personalization, Authentication Reply To: DesfireFire Personalization, Authentication

Re: DesfireFire Personalization, Authentication

12. May 2016 at 9:24
Hi Onyekachi,

A brand new DESFire EV1 contains a 3DES default master key 00...00 as card key #0. The predecessor product did not support AES cipher, so the EV1 is compatible with its predecessor. You can change the cipher by changing the key to a 128 bit AES key.

Card key #0 is the master key and you should use it only for administrative tasks, e.g.: set a new application key, format the whole card etc. For your application you should always create new keys with numbers #1, #2 etc. These keys belongs to the application and will be removed if you format the entire card. But the master key #0 is not removed, you need this key for creating new keys after the format.

The personalizing of a brand new DESFire EV1 could be:

  1. Set default master key by changing the key from 3DES 00…00 to AES xx…xx (all zeros is the default value).
  2. Create a new application with an AID and define the number of keys you will need for protecting your files. If you need 3 keys, you should set the number to 4.
  3. Select the application with the AID.
  4. Create the files with the appropriate permissions. You cannot write to the file, because the keys are not yet initialized.
  5. Create the application keys. For creating app key #1, first authenticate to card key #1 with the default key to ensure you have the permission and the key is not in use. Then change the key #1 from the default value 00…00 to the destination value. Repeat it for the other application keys.
  6. Now you can access the file. E.g.: if it use key #1 you have to authenticate with key #1 and then you can read or write to the file.
  7. Do not forget to select to the application first before you operate with keys and files of this application.

An addendum: if the master key (key #0) is initialized as first step in your personalizing phase, there is no reason to change it later again. Later you change only application keys and use the master key only for initializing new keys.

Kind regards,
+ 0  |  - 0