https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1255720#M477 <P>I am designing a multi-purpose smartcard system using Mifare Desfire EV2.</P><P>I'd like to correctly understand the use of the different keys, and especially the master key.</P><P>As I read it, the master key allows to create applications on cards. It can be diversified to put a PICC key onto each card, so a the card don't carry the key, but a reader must know the master key to create applications on cards.</P><P>Each application has application master key, read or write keys, and off course, data.</P><P>For a determined reading use, e.g door control, the reader must read the accurate application, with the corresponding read key.</P><P>Am I right until here ?</P><P>So, I wonder out if I have to share the master key with different usage managers, i.e. the door control manager, the food service manager if the card is used to pay the meal...</P><P>Is the master key mandatory to read cards ?<BR />If not, does the master key allow to read data on applications, without application read keys ?<BR />Do I need to share the master key to allow managers to create applcations (I think I must), and do I need to share to write data on already made applications ?<BR />Is it possible to create application on cards, just share the application master key to manager and let them rewrite application key, read and right keys ?</P><P>Thanks for your help !</P> Thu, 01 Apr 2021 09:35:24 GMT MGO 2021-04-01T09:35:24Z https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1255720#M477 <P>I am designing a multi-purpose smartcard system using Mifare Desfire EV2.</P><P>I'd like to correctly understand the use of the different keys, and especially the master key.</P><P>As I read it, the master key allows to create applications on cards. It can be diversified to put a PICC key onto each card, so a the card don't carry the key, but a reader must know the master key to create applications on cards.</P><P>Each application has application master key, read or write keys, and off course, data.</P><P>For a determined reading use, e.g door control, the reader must read the accurate application, with the corresponding read key.</P><P>Am I right until here ?</P><P>So, I wonder out if I have to share the master key with different usage managers, i.e. the door control manager, the food service manager if the card is used to pay the meal...</P><P>Is the master key mandatory to read cards ?<BR />If not, does the master key allow to read data on applications, without application read keys ?<BR />Do I need to share the master key to allow managers to create applcations (I think I must), and do I need to share to write data on already made applications ?<BR />Is it possible to create application on cards, just share the application master key to manager and let them rewrite application key, read and right keys ?</P><P>Thanks for your help !</P> Thu, 01 Apr 2021 09:35:24 GMT https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1255720#M477 MGO 2021-04-01T09:35:24Z https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1256409#M478 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/185202">@MGO</a>&nbsp;,</P> <P>&nbsp;</P> <P>The master key better be stored in SAM such as MIFARE SAM AV3, and we provide an app note on this topic, please kindly refer to&nbsp;<A href="https://www.nxp.com.cn/docs/en/application-note/AN10922.pdf" target="_blank">https://www.nxp.com.cn/docs/en/application-note/AN10922.pdf</A>&nbsp;for details.</P> <P>&nbsp;</P> <P>Hope that helps,</P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Sat, 03 Apr 2021 02:29:56 GMT https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1256409#M478 Kan_Li 2021-04-03T02:29:56Z https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1256451#M479 <P>Hi Kan_Li,</P><P>Thanks a lot for your answer.</P><P>I understand the SAM can be plugged on readers to use the keys. It is a good idea I am thinking about in a second step.</P><P>But on the beginning, can I have the cards read without the master key ?</P><P>&nbsp;</P><P>Best regards, and happy Easter !</P><P>MGO</P> Sat, 03 Apr 2021 10:02:27 GMT https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1256451#M479 MGO 2021-04-03T10:02:27Z https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1349097#M593 <P>Hi MGO,</P><P>I am dealing with DESFire cards right know. I found your questions very interesting. Did you get any answer?</P><P>Thank you in advance.&nbsp;</P><P>BR.&nbsp;</P> Thu, 30 Sep 2021 11:11:02 GMT https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1349097#M593 patricio 2021-09-30T11:11:02Z https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1374227#M615 <P>Hi,</P><P>&nbsp;</P><P>No, not yet.</P><P>BR.</P><P>MGO</P> Fri, 19 Nov 2021 09:27:52 GMT https://community.nxp.com/t5/Secure-Authentication/Desfire-EV2-need-to-share-master-key/m-p/1374227#M615 MGO 2021-11-19T09:27:52Z