Support for NXP's Mifare DESFire #2797
Replies: 2 comments 1 reply
-
Mifare DESFire EV2 and EV3 do not support asymmetric encryption. They don't have support for RSA or elliptic encryption or any of the post quantum asymmetric ciphers (which could be used for digital signature or decryption or key exchange). According to the documentation, neither MSE operation (ins 0x22) nor PSO operation (ins 0x2a) is available. Without these operations, the listed Mifare card is practically outside the scope of OpenSC project. It is possible to use these cards for identity verification, but I personally do not know a reasonable (and safe) methodology that allows to solve the revocation of cards, the life cycle of cards without asymmetric encryption/without PKI. |
Beta Was this translation helpful? Give feedback.
-
Use https://github.com/nfc-tools/libfreefare to access your DESFire card. Also, you might want to check out https://www.mysmartlogon.com/products/nfccsp.html with support for 14443 tags. |
Beta Was this translation helpful? Give feedback.
-
I've started to dig in the deephole that is smartcard based authentication on Windows.
The idea behind that is to be able to authenticate users in harsh factory environment while they are accessing softwares from within the production areas.
The users there often have protective gear which makes it hard to enter their credentials, so i was thinking of using smart card login to make it easier for them. The idee would to use Windows Smartcard Logon so that we can manage this card through the domain and have a better software compatibility from the get go.
However, because some area are falling under ATEX regulations (explosive atmosphere) we cannot contact based token because electrical connection in these environments is prohibited.
While searching for contactless based smartcards I often ended up on Mifare DESFire EV2 or EV3 tokens/cards, which seems to be quite cheap, could also be used for existing physical access control and seems to support encryption algorithms.
However I can't seem to fin either minidrivers or CSPs provided by NXP or anyone else to use these token/cards with Windows Smartcard Logon.
How much would it be to add support for these token in OpenSC ? If it is possible to add this support, it would be a huge help to bring cheap and easily available NFC smartcard logon for Windows.
The official chip product page :
https://www.nxp.com/products/rfid-nfc/mifare-hf/mifare-desfire/mifare-desfire-ev3-high-security-ic-for-contactless-smart-city-services:MF3DHx3
Beta Was this translation helpful? Give feedback.
All reactions