The Synergis key store is used to configure and store cryptographic keys.
Keys in the Synergis key store
Each cryptographic key is composed of one or more components. For added security, a key can be composed of multiple components so that the key can be separated and distributed to multiple stakeholders, without anyone having the complete key.
- Version
- The version number of the key. Each version of the key you create is a
new key.
Multiple versions of the same key are listed if the Use key version checkbox on the MIFARE DESFire configuration page is selected. When the checkbox is selected, the system asks the card, which key version it is using and tries to find it in the key store. The indexed 00 to indexed 31 keys can have up to three versions at a time. If the checkbox is cleared, then the system always uses the last version. For example, if you enable key versioning then add versions 1, 2, and then 3 for the indexed 01 key, when you clear this checkbox, only version 3 is listed in the Synergis key store for that key. If you create version 4, and then select the checkbox again, versions 2, 3, and 4 are listed.
- Components
- The number of components that currently form the key. Each component is a 32-character hexadecimal value.
- Hash
- The key hash used to verify whether the key you entered in the Synergis key store is valid. The key is valid if it matches the key hash from the other units or the key card production tool with which you want to compare. For more information, see Using key hashes in the Synergis key store.
MIFARE DESFire cryptographic keys can be exported from Security Center to one or more Cloud Link Roadrunner™ units in your system. The keys are then automatically updated on the Synergis key store page of the Cloud Link Roadrunner Portal. For more information, see Exporting MIFARE DESFire keys to Synergis Cloud Link units.
Use cases for the keys
The indexed 00 to indexed 31 keys are used to create the cryptographic keys to access a MIFARE DESFire card's secured credential. For more information, see Enabling MIFARE DESFire for transparent OSDP readers in the Cloud Link Roadrunner Portal.