Desfire.ChangeExtKey
This command allows to change any key stored on the card.
The key length has to be set according to the desired encryption algorithm:
- DES encryption uses keys of 8 Byte.
- 3DES and AES encryption uses keys of 16 Byte.
- 3K3DES encryption uses keys of 24 Byte.
Properties
- Command code: 0x1B06
- Command timeout: 1000 ms
- Possible status codes: General status codes, Desfire.ErrIso14NoTag, Desfire.ErrBreak, Desfire.ErrIso14Hf, Desfire.ErrIso14CardInvalid, Desfire.ErrReaderChipCommunication, Desfire.ErrIso14ApduCmd, Desfire.ErrIso14InvalidResponse, Desfire.ErrIntegrity, Desfire.ErrPcdKey, Desfire.ErrPcdParam, Desfire.ErrFirmwareNotSupported, Desfire.ErrSamCommunication, Desfire.ErrSamUnlock, Desfire.ErrHardwareNotSupported, Desfire.ErrLength, Desfire.ErrPermissionDenied, Desfire.ErrParameter, Desfire.ErrAuthentication, Desfire.ErrPiccIntegrity, Desfire.ErrCommandAborted, Desfire.ErrEeprom, Desfire.ErrNoSuchKey, Desfire.ErrOutOfMemory, Desfire.ErrIllegalCmd, Desfire.ErrCmdOverflow, Desfire.ErrIllegalCmdLegacy
Parameters (request frame)
| Name | Type/Size | Description | ||
|---|---|---|---|---|
| - | Bit mask (8 bits) | - | ||
| MasterKeyType | Enumeration (bit mask area 0xC0) |
These bits must only be set if the card's Master
Key is changed. They specify the type of the new
card's Master Key. Values:
|
||
| RFU | Integer (bit mask area 0x30) |
Zero padding |
||
| IsKeySet | Boolean (bit 0x08) | Only needed for Desfire EV2 with multiple Keysets. If true,the reader executes the Desfire "ChangeKeyEV2" command instead of the Desfire "ChangeKey" command. | ||
| IsAesKey | Boolean (bit 0x04) | Has to be set if the new key is an AES key. | ||
| IsVersion | Boolean (bit 0x02) | Has to be set if the NewKeyVersion parameter is present. | ||
| IsChangeKey | Boolean (bit 0x01) |
Has to be set if the key used to authenticate the card is the key that needs to be changed (as specified in KeyNo ). In this case, the parameter OldKey has to be omitted. |
||
| KeyNo | Integer (8 bits) | Number of key (0-13) to modify. Has to be 0 if the application Master Key is changed. | ||
| Optional field, condition: IsVersion | ||||
| KeyVersion | Integer (8 bits) |
Version of the new key. Remarks:
|
||
| Length of NewKey | Integer (8 bits) |
Length of NewKey in bytes |
||
| NewKey | Raw data | New key (16 bytes). | ||
| Length of OldKey | Integer (8 bits) |
Length of OldKey in bytes |
||
| OldKey | Raw data | Current key (16 bytes). | ||
| Optional field, condition: IsKeySet | ||||
| KeySet | Integer (8 bits) | specifies KeySet needed for multiple keysets (EV2 extension). | ||
Returned values (response frame)
None