You can use the MIFARE DESFire configuration task in Config Tool to configure and store cryptographic keys.
Before you begin
- Your Security Center license supports the following options:
- MIFARE DESFire configuration
- Smart card encoding
- You’re granted the Export configurations and keys and Modify keys user privileges.
What you should know
- MIFARE DESFire EV1/EV2/EV3 is a 128-bit, Advanced Encryption Standard (AES)-based protocol for which you define the keys.
- A cryptographic key has three attributes:
- Name
- The key name corresponds to the key index in the
Configuration page. It takes the form
index xxxx
. A given name can have up to three versions. - Version
- The key version can be any number from 0 to 255. The name and version together identify a unique key value. Security Center only encodes version 0. If the key is to be used by an external system, a version other than 0 can be used if the latter accepts it.
- Value
- The key value can have multiple components. Each component is a 32-character hexadecimal value.
- To read a DESFire badge that has been encoded, these three attributes must match between the encoding system (typically Security Center) and the reading system (Synergis™ Cloud Link).
- You configure cryptographic keys from the Key vault page of the
MIFARE DESFire configuration task for two reasons:
- To store the keys that Security Center uses to encode badges. In this case, only key version 0 is allowed.
- To export the keys to Synergis Cloud Link units. In this case, the key version may differ from 0 if a third-party system encoded the card, allowing this variation.
- After a key has been added, it can no longer be modified. To modify a key, you must delete it and add a new one.