The Synergis™ key store is used to configure and store cryptographic keys.
Keys in the Synergis key store
Each cryptographic key is composed of one or more components. For added security, a key can be composed of multiple components so that the key can be separated and distributed to multiple stakeholders, without anyone having the complete key.
In the Synergis key store, a version,
current number of components, and hash are listed for each key.
- Version
- The version number of the key. Each version of the key you create is a
new key.Multiple versions of the same key are listed if the Use key version checkbox on the MIFARE DESFire configuration page is selected. When the checkbox is selected, the system asks the card, which key version it is using and tries to find it in the key store. The indexed 00 to indexed 31 keys can have up to three versions at a time. If the checkbox is cleared, then the system always uses the last version. For example, if you enable key versioning then add versions 1, 2, and then 3 for the indexed 01 key, when you clear this checkbox, only version 3 is listed in the Synergis key store for that key. If you create version 4, and then select the checkbox again, versions 2, 3, and 4 are listed.NOTE: The Reader Kc, Reader Ks, and SAM LockUnlock keys do not support key versioning; the latest changes are automatically incremented.
- Components
- The number of components that currently form the key. Each component is a 32-character hexadecimal value.
- Hash
- The key hash used to verify whether the key that you entered in the Synergis key store is valid. The key is valid if it matches the key hash from the other units, the SAM card, or the key card production tool with which you want to compare. For more information, see Using key hashes in the Synergis key store.
MIFARE DESFire cryptographic keys can be exported from Security Center to one or more Synergis™ Cloud Link units in your system. The keys are then automatically updated on the Synergis key store page of the Synergis Appliance Portal. For more information, see Exporting MIFARE DESFire keys to Synergis Cloud Link units.
Use cases for the different keys
Each type of key in the Synergis key store
is used in a specific context:
- ReaderKc and ReaderKs
- Used to configure communication keys for STid readers. For more information, see Changing the default RS-485 communication keys for STid readers that use the SSCP protocol.
- SAM LockUnlock
- Used to unlock SAM cards so that you can use the cryptographic keys stored in them. For more information, see Unlocking SAM cards.
- Indexed 00 to 31
- Used to create the cryptographic keys to access a MIFARE DESFire card's secured credential. For more information, see Enabling MIFARE DESFire for transparent OSDP readers and Enabling transparent mode on STid readers that use the SSCP protocol.