Is it safe to store an AES-key in a mobile app?

Forum / MIFARE SDK / Is it safe to store an AES-key in a mobile app?

  • 24. August 2022 at 11:53
    Hi

    I want to know if it is safe to store an AES-key to read a protected sector in a mobile app?

    Suppose that someone extracts the key from the app, can they then create a MIFARE card with a sector that is readible using that same readkey but with different data?

    We are working with MIFARE Plus SL3.

    If it is not safe to do this, how can you securely extract the data from a protected sector without exposing the key to the client app?

    Where can I find more information on the concepts behind this?

    Kind regards,

    Philip
    + 0  |  - 0

    Re: Is it safe to store an AES-key in a mobile app?

    12. October 2022 at 8:01
    Why not to use the "KeyChain" for it.
    + 0  |  - 0

    Re: Is it safe to store an AES-key in a mobile app?

    12. October 2022 at 9:57
    The key would still be on the device, so if the user could extract it somehow. Hence he could create a new fake card, with a sector protected with the same read key, but with different data.
    + 0  |  - 0
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.