Is it possible to use DESFire Session Keys within the SE?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is it possible to use DESFire Session Keys within the SE?

Jump to solution
1,523 Views
antoine_provot
Contributor II

Hi,

I'm working with the DESFire APDUs and succeeding at the authentification. I want now to use my desfire session keys generated through the previous passes. Unfortunately my environment is not secure enough to dump these keys in my processor.

How can I reference the session keys in the SE after authentification,  without having to dump them?

What alternative do I have else?

Thanks in advance.

Labels (1)
Tags (2)
0 Kudos
1 Solution
1,371 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine,

The keys need to be dumped, but from security perspective there is no real difference if the keys are dumped to the host or if the host can send all commands you like to the SE and it encrypts it for the host.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

3 Replies
1,371 Views
antoine_provot
Contributor II

Hi Kan,

unfortunately it's not as this simple.

I was asking if it was possible to use the DESfire session keys generated through the authentification processus inside the SE, as if those keys were normal symmetric keys of the SE application.

For example:

If I do DFAuthenticateNonFirstPart1 then DFAuthenticateNonFirstPart2, the SE now contains the DESfire session keys necessary to communicate with the badge securely.

Is it possible for me to directly use those keys in a cipher processus ? (cipherInit or cipherOneShot and so on...). I would like after that to disallow desfire keys dumping.

0 Kudos
1,372 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi Antoine,

The keys need to be dumped, but from security perspective there is no real difference if the keys are dumped to the host or if the host can send all commands you like to the SE and it encrypts it for the host.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

1,371 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi ,

I think you may enable SCP03 channel to protect confidentiality and integrity of data exchanged with the Secure Element.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos