P5DF081HN/T1AD2060 NXP Semiconductors, P5DF081HN/T1AD2060 Datasheet - Page 18

P5DF081HN/T1AD2060

Manufacturer Part Number

P5DF081HN/T1AD2060

Description

P5DF081HN/HVQFN32/REEL13//T1AD

Manufacturer

NXP Semiconductors

Series

MIFARE®r

Datasheet

1.P5DF081HNT1AD2060.pdf (36 pages)

Specifications of P5DF081HN/T1AD2060

Lead Free Status / RoHS Status

Lead free / RoHS Compliant

Lead Free Status / RoHS Status

Lead free / RoHS Compliant

Current page: 18 of 36
Download datasheet (227Kb)

NXP Semiconductors

Table 9.

P5DF081_SDS

Objective short data sheet

PUBLIC

Command

PKI_GenerateKeyPair

PKI_ImportKey

PKI_ExportPrivateKey

PKI_ExportPublicKey

PKI_UpdateKeyEntries

PKI_GenerateHash

PKI_GenerateSignature

PKI_SendSignature

PKI_VerifySignature

Public Key Infrastructure (PKI) commands

8.6.4 Public Key Infrastructure (PKI) commands

PKI commands are available to generate public key pairs, to import public keys or key

pairs, to export public keys or key pairs, to generate and to validate signatures, to

compute hashes suitable for signature operations and to manage the symmetric Key

Storage Table.

PKI commands are only available in AV2 mode.

Description

The PKI command PKI_GenerateKeyPair creates a pair of a public and a private key.

MIFARE SAM AV2 only supports the CRT format. A successful host authentication in

the LC using SAM_AuthenticateHost with a Host Key is required to execute the

PKI_GenerateKeyPair command.

The PKI command PKI_ImportKey imports an RSA key. This can be either a public

key or a full key pair (including a private key). When a change key (see

specified, a successful host authentication in the LC using SAM_AuthenticateHost

with a Host Key is required to execute the PKI_ImportKey command.

The PKI command PKI_ExportPrivateKey exports a full RSA key entry (i.e including the private

key if present). The key pair is exported in CRT format.

This command is intended for private key backup after having it created with MIFARE SAM AV2.

For this reason, this command will only be accepted if the key entry includes a private key and

private key export is allowed by the PKI SET configuration of the addressed key. The command

is part of the restricted command set and requires protection with a Host Key change key.

The PKI command PKI_ExportPublicKey exports the public key part of a RSA key pair.

The command is part of the general command set, so its protection depends on the general

SAM-Host communication protection.

The PKI_UpdateKeyEntries command can be used to change key entries of the symmetric key

storage (KST). Executing this command does not require any protection coming from the

change key of the key entries (e.g. a Host Authentication in case of a Host Key). Instead the

command's execution is protected by asymmetric techniques using the PKI support of the SAM.

The command is protected by encrypting the key entries using the RSA encryption. On top a

digital signature is added using the RSA signature algorithm. This allows offline preparation of

the cryptogram. The same hashing algorithm is to be used for both MGFs and for the digital

signature handling (as indicated by the P1 byte).

The PKI command PKI_GererateHash computes the hash on a data string. The

algorithm to be used to compute the hash is selected through P1.

The PKI command PKI_GenerateSignature generates a signature on a hash given as

input using one of the two private keys stored in the PKI Key Storage Table.

The PKI command PKI_SendSignature returns a pre-computed signature. The returned

signature is protected according to the SAM-Host protection in place on the corresponding

logical channel.

The PKI command PKI_VerifySignature verifies the correctness of a signature.

All information provided in this document is subject to legal disclaimers.

Rev. 1 — 12 August 2010

191710

P5DF081

MIFARE SAM AV2

Ref. 1

) is

18 of 36

P5DF081HN/T1AD2060 NXP Semiconductors, P5DF081HN/T1AD2060 Datasheet - Page 18

P5DF081HN/T1AD2060

Specifications of P5DF081HN/T1AD2060

Related parts for P5DF081HN/T1AD2060