11.12.3.4.74. Function Se05x_API_DFChangeKeyPart1

11.12.3.4.74.1. Function Documentation

smStatus_t Se05x_API_DFChangeKeyPart1(pSe05xSession_t session_ctx, uint32_t oldObjectID, uint32_t newObjectID, uint8_t keySetNr, uint8_t keyNoDESFire, uint8_t keyVer, uint8_t *KeyData, size_t *pKeyDataLen)

Se05x_API_DFChangeKeyPart1

The DFChangeKeyPart1 command is supporting the function to change keys on the DESFire PICC. The command generates the cryptogram required to perform such operation.

The new key and, if used, the current (or old) key must be stored in the SE05X and have the POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION associated to execute this command. This means the new PICC key must have been loaded into the SE05X prior to issuing this command.

The 1-byte key set number indicates whether DESFire ChangeKey or DESFire ChangeKeyEV2 is used. When key set equals 0xFF, ChangeKey is used.

Command to Applet

Field

Value

Description

CLA

0x80

INS

INS_CRYPTO

SE05x_INS_t

P1

P1_DEFAULT

See SE05x_P1_t

P2

P2_CHANGE_KEY_PART1

See SE05x_P2_t

Lc

#(Payload)

TLV[TAG_1]

4-byte identifier of the old key. [Optional: if the authentication key is the same as the key to be replaced, this TAG should not be present].

TLV[TAG_2]

4-byte identifier of the new key.

TLV[TAG_3]

1-byte key set number [Optional: default = 0xC6]

TLV[TAG_4]

1-byte DESFire key number to be targeted.

TLV[TAG_5]

1-byte key version

Le

0x00

R-APDU Body

Value

Description

TLV[TAG_1]

Cryptogram holding key data

R-APDU Trailer

SW

Description

SW_NO_ERROR

The command is handled successfully.

Parameters
  • [in] session_ctx: Session Context [0:kSE05x_pSession]

  • [in] oldObjectID: oldObjectID [1:kSE05x_TAG_1]

  • [in] newObjectID: newObjectID [2:kSE05x_TAG_2]

  • [in] keySetNr: keySetNr [3:kSE05x_TAG_3]

  • [in] keyNoDESFire: keyNoDESFire [4:kSE05x_TAG_4]

  • [in] keyVer: keyVer [5:kSE05x_TAG_5]

  • [out] KeyData: [0:kSE05x_TAG_1]

  • [inout] pKeyDataLen: Length for KeyData