Is it safe to store an AES-key in a mobile app?

Forum / MIFARE SDK / Is it safe to store an AES-key in a mobile app?

Tagged: 

  • 24. August 2022 at 11:53

    Philip
    Hi

    I want to know if it is safe to store an AES-key to read a protected sector in a mobile app?

    Suppose that someone extracts the key from the app, can they then create a MIFARE card with a sector that is readible using that same readkey but with different data?

    We are working with MIFARE Plus SL3.

    If it is not safe to do this, how can you securely extract the data from a protected sector without exposing the key to the client app?

    Where can I find more information on the concepts behind this?

    Kind regards,

    Philip
    + 0  |  - 0

    Re: Is it safe to store an AES-key in a mobile app?

    12. October 2022 at 8:01

    Michal Shaub
    Why not to use the "KeyChain" for it.
    + 0  |  - 0

    Re: Is it safe to store an AES-key in a mobile app?

    12. October 2022 at 9:57

    Philip
    The key would still be on the device, so if the user could extract it somehow. Hence he could create a new fake card, with a sector protected with the same read key, but with different data.
    + 0  |  - 0

    Re: Is it safe to store an AES-key in a mobile app?

    17. February 2023 at 10:50

    Philip
    This is a fundamental question for me.
    Is it safe to store a read key in a mobile app?
    Can the decryption be done server side, where you can store the key in a secure way?

    + 0  |  - 0
  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.