key diversification


1,712 Views
robneff
Contributor I

I'm working on a card reader using the SAM AV2 chip that will read cards using key diversification.  I understand the diversification algorithm, but there are steps to "encrypt x using AES".  I assume AES is built into the AV2 chip, but I don't see commands to simply encrypt an input, using a key from the key store.

In the NXP Reader library there is the phCryptoSym_Encrypt( ) command, which seems to implement AES in the library itself, but that means we need to get the key from the key store on the AV2 chip, which reduces the security level.  Am I looking at this right?

#nxp reader #sam av2 #key diversification

0 Kudos
6 Replies

1,424 Views
robneff
Contributor I

As an update, I have read AN10922 and AN10957. That doesn't help with my core question: can I encrypt data on the AV2 chip using a key in the AV2 Keystore?  The only solution I've found is to set the flag for dumping the secret key, read the key back to the host side, then use the NXP Reader Library to encrypt the data, all on the host side.  I'd rather not bring the key back to the host side ever. The AV2 certainly has the capability of doing it all on the chip; it seems like a security risk to force the host to store the secret key with the dump flag set (in fact, the documentation describing the keystore says exactly that).

0 Kudos

1,424 Views
vicentegomez
NXP TechSupport

Hi Rob 

You got the answer on the internal thread.

Regards

Vicente 

952 Views
Anssi
Contributor I

Where is the internal thread?

I am trying to diversify an AV2 key as well, but I am not able to dump it either. Any help?

AuthAV2key is false for master and key dump is allowed. CuK is ff and type picc. What am I doing wrong? Resp 6985

0 Kudos

1,424 Views
robertorebolled
Contributor I

Hello Vicente:

I have the same question that Rob has. Can you please help me?

Best regards,

Roberto Rebolledo.

0 Kudos

1,424 Views
robneff
Contributor I

That did work for me.  I thought these forums were password protected, but at any rate, I did get the response off-line and it worked for me.  If I had read AN1830 or picked up some clues in other docs, that would have helped me also.

0 Kudos

1,424 Views
jimmychan
NXP TechSupport
0 Kudos