I'm working on a card reader using the SAM AV2 chip that will read cards using key diversification. I understand the diversification algorithm, but there are steps to "encrypt x using AES". I assume AES is built into the AV2 chip, but I don't see commands to simply encrypt an input, using a key from the key store.
In the NXP Reader library there is the phCryptoSym_Encrypt() command, which seems to implement AES in the library itself, but that means we need to get the key from the key store on the AV2 chip, which reduces the security level. Am I looking at this right?
As an update, I have read AN10922 and AN10957. That doesn't help with my core question: can I encrypt data on the AV2 chip using a key in the AV2 Keystore? The only solution I've found is to set the flag for dumping the secret key, read the key back to the host side, then use the NXP Reader Library to encrypt the data, all on the host side. I'd rather not bring the key back to the host side ever. The AV2 certainly has the capability of doing it all on the chip; it seems like a security risk to force the host to store the secret key with dump flag set (in fact, the documentation describing the keystore says exactly that).
Hi Rob
You got the answer on the internal thread.
Regards
Vicente
Where is the internal thread?
I am trying to diversify an AV2 key as well, but I am not able to dump it either. Any help?
AuthAV2key is false for master and key dump is allowed. CuK is ff and type picc. What am I doing wrong? Resp 6985
Hello Vicente:
I have the same question that Rob has. Can you please help me?
Best regards,
Roberto Rebolledo.
That did work for me. I thought these forums were password protected, but at any rate, I did get the response off-line and it worked for me. If I had read AN1830 or picked up some clues in other docs, that would have helped me also.
For your information: https://www.nxp.com/docs/en/application-note/AN10922.pdf