FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Is it possible to use DESFire Session Keys within the SE?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

Is it possible to use DESFire Session Keys within the SE?

Jump to solution
‎11-25-2019 07:58 AM
2,681 Views
antoine_provot
Contributor II

Hi,

I'm working with the DESFire APDUs and succeeding at the authentification. I want now to use my desfire session keys generated through the previous passes. Unfortunately my environment is not secure enough to dump these keys in my processor.

How can I reference the session keys in the SE after authentification,  without having to dump them?

What alternative do I have else?

Thanks in advance.

Labels (1)
Labels
Tags (2)
0 Kudos
Reply
1 Solution

Jump to solution
‎11-28-2019 01:07 AM
2,529 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine,

The keys need to be dumped, but from security perspective there is no real difference if the keys are dumped to the host or if the host can send all commands you like to the SE and it encrypts it for the host.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

Reply
3 Replies

Jump to solution
‎11-27-2019 03:59 AM
2,529 Views
antoine_provot
Contributor II

Hi Kan,

unfortunately it's not as this simple.

I was asking if it was possible to use the DESfire session keys generated through the authentification processus inside the SE, as if those keys were normal symmetric keys of the SE application.

For example:

If I do DFAuthenticateNonFirstPart1 then DFAuthenticateNonFirstPart2, the SE now contains the DESfire session keys necessary to communicate with the badge securely.

Is it possible for me to directly use those keys in a cipher processus ? (cipherInit or cipherOneShot and so on...). I would like after that to disallow desfire keys dumping.

0 Kudos
Reply

Jump to solution
‎11-28-2019 01:07 AM
2,530 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine,

The keys need to be dumped, but from security perspective there is no real difference if the keys are dumped to the host or if the host can send all commands you like to the SE and it encrypts it for the host.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Reply

Jump to solution
‎11-27-2019 03:38 AM
2,529 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi ,

I think you may enable SCP03 channel to protect confidentiality and integrity of data exchanged with the Secure Element.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply