https://community.nxp.com/t5/NFC/key-diversification/m-p/860120#M4852 <HTML><HEAD></HEAD><BODY><P>As update, I have read AN10922 and AN10957.&nbsp;That doesn't help with my core question: can I encrypt data on the AV2 chip using a key in the AV2 Keystore?&nbsp; The only solution I've found is to set the flag for dumping the secret key, read the key back to the&nbsp;host side, then using the NXP Reader Library to encrypt the data, all on the host side.&nbsp; I'd rather not bring the key back to the host side ever. The AV2 certainly&nbsp;has the capability of doing it all on the chip, it seems like a security risk to force the host to store the secret key with dump flag set (in fact, the documentation describing the keystore says exactly that).</P></BODY></HTML> Wed, 20 Feb 2019 16:26:15 GMT robneff 2019-02-20T16:26:15Z https://community.nxp.com/t5/NFC/key-diversification/m-p/860118#M4850 <HTML><HEAD></HEAD><BODY><P>I'm working on a card reader using the SAM AV2 chip that will read cards using key diversification.&nbsp; I understand the diversification algorithm, but there are steps to "encrypt x using AES".&nbsp; I assume AES is built into the AV2 chip, but I don't see commands to simply encrypt an input, using a key from the key store.</P><P></P><P>In the NXP Reader library there is the phCryptoSym_Encrypt( ) command, that seems to implement AES in the library itself, but that means we need to get the key from the key store on the AV2 chip, which reduces the security level.&nbsp; Am I looking at this right?</P><P><A href="https://community.nxp.com/t5/tag/nxp reader/tg-p">#nxp reader</A>‌ <A href="https://community.nxp.com/t5/tag/sam av2/tg-p">#sam av2</A>‌ <A href="https://community.nxp.com/t5/tag/key diversification/tg-p">#key diversification</A>‌</P></BODY></HTML> Wed, 13 Feb 2019 19:17:44 GMT https://community.nxp.com/t5/NFC/key-diversification/m-p/860118#M4850 robneff 2019-02-13T19:17:44Z https://community.nxp.com/t5/NFC/key-diversification/m-p/860119#M4851 <HTML><HEAD></HEAD><BODY><P>For your information : <A class="link-titled" href="https://www.nxp.com/docs/en/application-note/AN10922.pdf" title="https://www.nxp.com/docs/en/application-note/AN10922.pdf">https://www.nxp.com/docs/en/application-note/AN10922.pdf</A>&nbsp;</P></BODY></HTML> Tue, 19 Feb 2019 08:37:42 GMT https://community.nxp.com/t5/NFC/key-diversification/m-p/860119#M4851 jimmychan 2019-02-19T08:37:42Z https://community.nxp.com/t5/NFC/key-diversification/m-p/860120#M4852 <HTML><HEAD></HEAD><BODY><P>As update, I have read AN10922 and AN10957.&nbsp;That doesn't help with my core question: can I encrypt data on the AV2 chip using a key in the AV2 Keystore?&nbsp; The only solution I've found is to set the flag for dumping the secret key, read the key back to the&nbsp;host side, then using the NXP Reader Library to encrypt the data, all on the host side.&nbsp; I'd rather not bring the key back to the host side ever. The AV2 certainly&nbsp;has the capability of doing it all on the chip, it seems like a security risk to force the host to store the secret key with dump flag set (in fact, the documentation describing the keystore says exactly that).</P></BODY></HTML> Wed, 20 Feb 2019 16:26:15 GMT https://community.nxp.com/t5/NFC/key-diversification/m-p/860120#M4852 robneff 2019-02-20T16:26:15Z https://community.nxp.com/t5/NFC/key-diversification/m-p/860121#M4853 <HTML><HEAD></HEAD><BODY><P>Hi Rob&nbsp;</P><P>You got the answer on the internal thread.</P><P></P><P>Regards</P><P>Vicente&nbsp;</P></BODY></HTML> Tue, 26 Feb 2019 17:19:42 GMT https://community.nxp.com/t5/NFC/key-diversification/m-p/860121#M4853 vicentegomez 2019-02-26T17:19:42Z https://community.nxp.com/t5/NFC/key-diversification/m-p/860122#M4854 <HTML><HEAD></HEAD><BODY><P>That did work for me.&nbsp; I thought these forums were password protected, but at any rate, I did get the response off-line and it worked for me.&nbsp; If I had read AN1830 or picked up some clues in other docs, that would have helped me also.</P></BODY></HTML> Fri, 08 Mar 2019 00:12:27 GMT https://community.nxp.com/t5/NFC/key-diversification/m-p/860122#M4854 robneff 2019-03-08T00:12:27Z https://community.nxp.com/t5/NFC/key-diversification/m-p/860123#M4855 <HTML><HEAD></HEAD><BODY><P>Hello Vicente:</P><P></P><P>I have the same question that Rob have, can you please help me?.</P><P></P><P>Best regards,</P><P>Roberto Rebolledo.</P></BODY></HTML> Thu, 02 May 2019 16:06:03 GMT https://community.nxp.com/t5/NFC/key-diversification/m-p/860123#M4855 robertorebolled 2019-05-02T16:06:03Z https://community.nxp.com/t5/NFC/key-diversification/m-p/1490463#M9559 <P>Where is the internal thread?</P><P>I am trying to diversify as well av2 key but I am not able to dump it either. Any help?</P><P>&nbsp;</P><P>AuthAV2key is false for master and key dump is allowed. CuK is ff and type picc. What I am doing wrong? Resp 6985</P> Fri, 15 Jul 2022 16:32:38 GMT https://community.nxp.com/t5/NFC/key-diversification/m-p/1490463#M9559 Anssi 2022-07-15T16:32:38Z