Forum / MIFARE SDK / Trying to read DESFire EV1 Card, requires Authentication.
Tagged: DESFireEV1, sdk
-
Hi César,
I have asked the web server team to reset your password. The email address can be changed by yourself if you go to Profile, Edit.
The MIFARE Team
+ 0 | - 0
I'm lost!
I cannot sign in, I cannot reset my password. I'm sorry but the website isn't working.
I don't want to use the personal account I'm using here on this forum (even if I would have wanted, it doesn't work either).
I've tried to connect with my team account (equipesoft@) on https://inspire.nxp.com/mifare/login.html and got: Invalid username / password.
I don't have any e-mails in my spam folder.
Are you sure your e-mail server is sending something (activation, password reset)?
My project is stuck just because I can't register or sign in :(.
Thanks.
+ 0 | - 0
Hi César,
The web server team is informed to activate your team account. But your personal account works and you are able to download the latest SDK package, so you can go ahead with your project.
I will inform you when I get response.
The MIFARE Team
+ 0 | - 0
Hello,
I've managed to read a plain file in one my applications thanks to the advanced SDK (getApplicationIDs, selectApplication and readData). Thanks!
Now I need to read a file in an other application which requires authentication.
My PICC master key has an AES 128 method.
I have the 16 bits long key.
I also have keys for files in the application.
Can you confirm that before being able to call authenticate() I need to initialize the software keystore with the PICC master key?
I've tried:
ks = KeyStoreFactory.getInstance().getSoftwareKeyStore();
ks.setKey(0, (byte) 0,
IKeyConstants.KeyType.KEYSTORE_KEY_TYPE_AES128, KEY_AES128);
But got the error:
com.nxp.nfclib.exceptions.SmartCardException: Specified Key type is different from the formatted one.
My goal is to call:
objDESFireEV1.authenticate(DESFireEV1.AuthType.Native, keyNo, version, 0,
(byte) 0, null);
data = objDESFireEV1.readData(1, 0, data.length, DESFireEV1.CommunicationType.Enciphered);
Thanks.
+ 0 | - 0
Hi César,
You have to authenticate with the card key which is used to protect the read command (it there is any). It is no need that this is the master key. I would never use the master key for the access control of files! The master key should only be used for administrative tasks like change keys etc.
You have to initialize the software keystore before you can use the keys. This is done usually in the createView() or resume() methods.
The error message indicates that the value used clashes with the key type definition.
The MIFARE Team
+ 0 | - 0
Hello,
Thanks to your answer I'm using the application master key (and not the PICC master key).
The initialization of the keystore doesn't throw any exception now:
libInstance = NxpNfcLib.getInstance();
libInstance.registerActivity(this, packageKey);
KeyStoreFactory.KeyStoreType kst = libInstance.getKeyStoreType();
try {
IKeyStore iks= libInstance.getKeyStore();
ks = KeyStoreFactory.getInstance().getSoftwareKeyStore();
ks.setKey(0, (byte) 0,
IKeyConstants.KeyType.KEYSTORE_KEY_TYPE_2K3DES, KEY_AES128);
} catch (SmartCardException e) {
showMessage(e.getMessage(), 'l');
showMessage("SmartCardException in init Keystore ... check LogCat",
't');
e.printStackTrace();
}
libInstance.loadKeyStore(ks);
But I had to switch the type to KEYSTORE_KEY_TYPE_2K3DES. I don't understand why: my Mifare application was documented as "AES 128 bits method".
My next step is to call authenticate on my objDESFireEV1.
I've tried DESFireEV1.AuthType.AES in the first parameter. No success.
Best regards.
+ 0 | - 0
Hello,
In authenticate() how do the parameters keyNo and cardkeyNo interact with the key added previously to the keystore?
Thanks.
+ 0 | - 0
Hi César,
Please have a look to this post:
https://www.mifare.net/support/forum/topic/authentication-to-mifare-desfire-ev1-tag-fails-at-picc-level-with-master-key/
If you issue cards with a new key for your application, you increment the key version to distinguish between this two keys. As I explained in the post you can always read the key version of a certain key from the card without authentication.
It is matter of course, in your reader terminal you have to manage two version of keys. It depends of the key store management how this is organized, but if you read out the key you select it with the key version. The required key version comes from the key version used on the card.
Even if key versions are not necessary at the start of your project, I would implement such functions. It makes your life easier if you urgently have to change keys by an accident.
Kind regards,
The MIFARE Team
+ 0 | - 0
Thanks but I'm still stuck on authentication errors.
+ 0 | - 0
Hi César,
did you read this post:
https://www.mifare.net/support/forum/topic/set-keys-and-do-authentication-to-desfire-using-mifare-advanced-sdk/
It shows a complete authentication sample with a DESFire EV1.
The MIFARE Team
+ 0 | - 0
Hi,
Thanks. I read it.
My questions:
1
I don't understand the meaning of "format" and "set" in formatKeyEntry and setKey? Does it alter the card?
I know the application and the file. I have the AES key. I just want to authenticate to read the content.
2
I don't understand why I got
com.nxp.nfclib.exceptions.SmartCardException: Specified Key type is different from the formatted one.
with
ks.setKey(0, (byte) 0,
IKeyConstants.KeyType.KEYSTORE_KEY_TYPE_AES128, MY_KEY_APP);
My key is 16 bytes long:
public static final byte[] MY_KEY_APP = {(byte) 0x**, (byte) 0x**,
(byte) 0x**, (byte) 0x**, (byte) 0x**, (byte) 0x2A, (byte) 0xC1,
(byte) 0xEF, (byte) 0x**, (byte) 0x**, (byte) 0x**, (byte) 0x**,
(byte) 0x**, (byte) 0x**, (byte) 0x**, (byte) 0x49};
I
3
The post deals with AuthenticateAES, I just have Authenticate.
Best regards.
+ 0 | - 0
Hi,
I just want to say here, that formatKeyEntry and setKey has NOTHING to do with the PICC (Card)!
When you create an application on DESFire and you specify that the application will have for example 5 keys AES. The card saves 5 AES keys with all 0's on it.
KeyStore is a SOFTWARE part. You use it just to store the keys temporary for easier access (via keyNumber).
If you want to apply changes to the card, do it after personalization. Then you need to call command changeKey(). Now, this will infact change the key on the card with they key in the KeyStore.
Also to your previous post:
Make sure that once you used formatKeyEntry() you also used the same slot (keyNo) and the same AuthType(AES) as in the setKey() method.
A bit confusing, but I hope you understand.
+ 0 | - 0
Thank you for the information. I will continue.
+ 0 | - 0
In authenticate, what is the difference between
keyNo - key to use for authentication.
and
cardkeyNo - defines key to authenticate with.
?
+ 0 | - 0
I can select the app.
I would like to readData but need to authenticate before (am I right?).
Is the the right way to do it?
objDESFireEV1.selectApplication(65536);
objDESFireEV1.authenticate(DESFireEV1.AuthType.AES, keyNo, version, cardkeyNo, IKeyConstants.DIV_OPTION_NODIVERSIFICATION, null);
dataCashlessCode = objDESFireEV1.readData(fileNo, 0, 0, DESFireEV1.CommunicationType.Enciphered, dataCashlessCode.length);
Thanks.
+ 0 | - 0
-
AuthorPosts
You must be logged in to reply to this topic.