DESFire EV2: need to share master key?

  • 29. March 2021 at 20:12
    I am designing a multi-purpose smartcard system using MIFARE DESFire EV2.

    I'd like to correctly understand the use of the different keys, and especially the master key.

    As I read it, the master key allows creating applications on cards. It can be diversified to put a PICC key onto each card, so the card doesn't carry the key, but a reader must know the master key to create applications on cards.

    Each application has an application master key, read or write keys, and, of course, data.

    For a given reading use, e.g. door control, the reader must read the right application, with the corresponding read key.

    Am I right so far?

    So, I wonder if I have to share the master key with the different usage managers, i.e. the door control manager, the food service manager if the card is used to pay for meals...

    Is the master key mandatory to read cards?
    If not, does the master key allow reading data in applications without the application read keys?
    Do I need to share the master key to allow managers to create applications (I think I must), and do I need to share it to write data to already created applications?
    Is it possible to create applications on cards, just share the application master key with the managers, and let them rewrite the application key and the read and write keys?

    Thanks for your help!
