Hi,
I'm working with the DESFire APDUs and succeeding at the authentication. I now want to use my DESFire session keys generated through the previous passes. Unfortunately my environment is not secure enough to dump these keys in my processor.
How can I reference the session keys in the SE after authentication, without having to dump them?
What other alternatives do I have?
Thanks in advance.
Hi Antoine,
The keys need to be dumped, but from a security perspective there is no real difference if the keys are dumped to the host or if the host can send all commands you like to the SE and it encrypts it for the host.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kan,
Unfortunately it's not as simple as this.
I was asking if it was possible to use the DESFire session keys generated through the authentication process inside the SE, as if those keys were normal symmetric keys of the SE application.
For example:
If I do DFAuthenticateNonFirstPart1 then DFAuthenticateNonFirstPart2, the SE now contains the DESFire session keys necessary to communicate with the badge securely.
Is it possible for me to directly use those keys in a cipher process (cipherInit or cipherOneShot and so on...)? I would like after that to disallow DESFire keys dumping.
Hi ,
I think you may enable SCP03 channel to protect confidentiality and integrity of data exchanged with the Secure Element.
Have a great day,
Kan