Desfire EV2 : need to share master key ?

Showing results for 
Search instead for 
Did you mean: 

Desfire EV2 : need to share master key ?

Contributor I

I am designing a multi-purpose smartcard system using Mifare Desfire EV2.

I'd like to correctly understand the use of the different keys, and especially the master key.

As I read it, the master key allows to create applications on cards. It can be diversified to put a PICC key onto each card, so a the card don't carry the key, but a reader must know the master key to create applications on cards.

Each application has application master key, read or write keys, and off course, data.

For a determined reading use, e.g door control, the reader must read the accurate application, with the corresponding read key.

Am I right until here ?

So, I wonder out if I have to share the master key with different usage managers, i.e. the door control manager, the food service manager if the card is used to pay the meal...

Is the master key mandatory to read cards ?
If not, does the master key allow to read data on applications, without application read keys ?
Do I need to share the master key to allow managers to create applcations (I think I must), and do I need to share to write data on already made applications ?
Is it possible to create application on cards, just share the application master key to manager and let them rewrite application key, read and right keys ?

Thanks for your help !

0 Kudos
2 Replies

NXP TechSupport
NXP TechSupport

Hi @MGO ,


The master key better be stored in SAM such as MIFARE SAM AV3, and we provide an app note on this topic, please kindly refer to for details.


Hope that helps,


Have a great day,

- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

0 Kudos

Contributor I

Hi Kan_Li,

Thanks a lot for your answer.

I understand the SAM can be plugged on readers to use the keys. It is a good idea I am thinking about in a second step.

But on the beginning, can I have the cards read without the master key ?


Best regards, and happy Easter !


0 Kudos