This command authenticates a card with the reader. All authentication modes of DESFire cards are supported. Subsequent commands, such as Desfire.ExecCommand, take the authentication mode into account when communicating with a card.

The key used for authentication is specified in the Device / CryptoKey key of the reader's configuration.


Parameters (request frame)

Name Type/Size Description
SecureMessaging Enumeration (8 bits) Sets the secure messaging mode.
  • Native (0x01)
  • EV1 (0x00)
  • EV2 (0x02)
DesKeynr Integer (8 bits) DESFire key number.
KeyId Integer (8 bits) ID of authentication key in the reader's configuration (0x00-0xBF).
- Bit mask (8 bits) -
RFU Integer (bit mask area 0xE0) Zero padding
KeyHasDivData Boolean (bit 0x10) Specifies external diversification data ( KeyDivData parameter) if set.
KeyDivMode Enumeration (bit mask area 0x0E) Specifies diversification algorithm.
  • NoDiv (0)
    No diversification.
  • SamAV1OneRound (1)
    SAM AV1 mode (3DES: 1 encryption round).
  • SamAV1TwoRounds (2)
    SAM AV1 compatible mode (AES, 3K3DES, 3DES: 2 encryption rounds).
  • SamAV2 (3)
    SAM AV2 mode (AES according NXP: AN 10922).
KeyHasExtIdx Boolean (bit 0x01) Set this flag if extended crypto memory is used (using KeyExtIdx parameter).
Optional field, condition: KeyHasDivData
Length of KeyDivData Integer (8 bits) Length of KeyDivData in bytes
KeyDivData Raw data Diversification data (8 byte for DES / 16 for AES key).
Optional field, condition: KeyHasExtIdx
KeyExtIdx Integer (8 bits)

Crypto Memory Index (SAM or CryptoMemory) of authentication key

  • SAM: Key version (0..0xFF)
  • Crypto Memory: Page (0..15)

Returned values (response frame)