Reference Manual


Desfire.Authenticate

This command authenticates a card with the reader. All authentication modes of DESFire cards are supported. Subsequent commands, such as Desfire.ExecCommand, take the authentication mode into account when communicating with a card.

The key used for authentication is specified in the Device / CryptoKey key of the reader's configuration.

Properties

Parameters (request frame)

Name Type/Size Description
SecureMessaging Enumeration (8 bits) Sets the secure messaging mode.
Values (3):
  • Native (0x01)
  • EV1 (0x00)
  • EV2 (0x02)
DesKeynr Integer (8 bits) DESFire key number.
KeyId Integer (8 bits) ID of authentication key in the reader's configuration (0x00-0xBF).
- Bit mask (8 bits) -
RFU Integer (bit mask area 0xE0) Zero padding
KeyHasDivData Boolean (bit 0x10) Specifies external diversification data (KeyDivData parameter) if set.
KeyDivMode Enumeration (bit mask area 0x0E) Specifies diversification algorithm.
Values (4):
  • NoDiv (0x00)
    No diversification.
  • SamAV1OneRound (0x01)
    SAM AV1 mode (3DES: 1 encryption round).
  • SamAV1TwoRounds (0x02)
    SAM AV1 compatible mode (AES, 3K3DES, 3DES: 2 encryption rounds).
  • SamAV2 (0x03)
    SAM AV2 mode (AES according NXP: AN 10922).
KeyHasExtIdx Boolean (bit 0x01) Set this flag if extended crypto memory is used (using KeyExtIdx parameter).
Optional field, condition: KeyHasDivData
Length of KeyDivData Integer (8 bits) Length of KeyDivData in bytes
KeyDivData Raw data Diversification data (8 byte for DES / 16 for AES key).
Optional field, condition: KeyHasExtIdx
KeyExtIdx Integer (8 bits)

Crypto Memory Index (SAM or CryptoMemory) of authentication key

  • SAM: Key version (0..0xFF)
  • Crypto Memory: Page (0..15)

Returned values (response frame)

None