3. Creating a MIFARE DESFire Template using the CCI Editor

DESFire cards take an entirely different approach to encoding compared to MIFARE Classic or Plus cards. With DESFire, you define Applications and Files that contain information, each with specific access settings. As with MIFARE Classic, start by launching the CCI Editor, which opens to a blank window. Choose “File” → “New” → “DESFire”.

The Card settings panel lets you define general rules for your encoding template. A DESFire card features a Card master key that can be used to re-encode or erase the card at any time. All keys for DESFire cards can be 3DES, 3K3DES or AES keys. A key can be either generated or entered manually.

The other options in the Card settings dialog are self-explanatory, but must be chosen with caution, as they affect how flexibly the card can be used after it has been encoded. In addition to the default DESFire features, Reset keys are implemented that allow cards to be repurposed by users even when the Card master key is not available. Distributing the Card master key might not be desirable because of possible security liabilities. Multiple Reset keys can be created to supply to different vendors.

Once Card settings have been defined, an Application can be created by choosing “Add application” on the bottom left of the screen. Doing so will automatically create an Application titled “000001”. On the right side of the screen, information can be entered to define the Application, such as a Description, an ID (hexadecimal value) and the Encryption type. For each Application, settings are available that define its future use, such as allowing the Master key to be changed or Authentication settings for accessing the data in the Application. Each Application can have up to 10 keys that can be distributed to vendors for use of the Application.

Once finished, choose “Add file” to create a file named “File 0” for the currently selected Application. Each file will contain a Description and a File number. Communication mode determines the way in which the File is allowed to exchange data. It is highly recommended to use the Encrypted setting, as the Plain (unencrypted) mode should only be used for data that does not contain sensitive information.

All DESFire File types are supported to accommodate integration with access control or payment systems that support the DESFire standard. For general purposes, select the “Standard data file” from the dropdown list.

Each file has individual settings for Read, Write and Read/Write access, as well as an access rule for changing these settings after encoding the card.

Standard file types require you to set the total file size. Keep in mind that this has to be equal to or greater than the total number of bytes used by your File data. In our example, the total amount of data used is 42 bytes, but the file is given 64 bytes instead.

File data is added to the File in a similar fashion to defining MIFARE Classic or Plus templates. Select a data type from the dropdown box, and choose “Add” to create a new data block. Define the data format and alignment, as well as the Field, which will be the identifier once the CCI file is linked to your BadgeMaker Identity project.

Each DESFire template can contain a maximum of 32 Applications, and each Application can contain a maximum of 32 files.
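
A pre-flight check for the limits described in this section, as an added example that is not BadgeMaker code: it lints a planned template for the 32-Application, 32-File and 10-key limits, for file sizes smaller than their data, and for sensitive fields placed in Plain files. The dict layout, the field names and the sensitive flag are assumptions made for illustration and are not the CCI or XML template format.

```python
import re

MAX_APPS, MAX_FILES, MAX_KEYS = 32, 32, 10  # limits stated in the text above
AID_RE = re.compile(r"^[0-9A-Fa-f]{6}$")    # 3-byte hex ID, like the default "000001"


def lint_template(template):
    """Return findings for a planned DESFire template (hypothetical dict layout)."""
    findings = []
    apps = template["applications"]
    if len(apps) > MAX_APPS:
        findings.append(f"template: {len(apps)} applications, limit is {MAX_APPS}")
    seen_ids = set()
    for app in apps:
        aid = app["id"].upper()
        if not AID_RE.match(aid):
            findings.append(f"app {aid}: ID is not a 6-digit hexadecimal value")
        if aid in seen_ids:
            findings.append(f"app {aid}: duplicate application ID")
        seen_ids.add(aid)
        if app["key_count"] > MAX_KEYS:
            findings.append(f"app {aid}: {app['key_count']} keys, limit is {MAX_KEYS}")
        if len(app["files"]) > MAX_FILES:
            findings.append(f"app {aid}: {len(app['files'])} files, limit is {MAX_FILES}")
        for f in app["files"]:
            name = f"app {aid} file {f['number']}"
            # The file size must cover the sum of all data block lengths.
            used = sum(length for _, length, _ in f["fields"])
            if used > f["size"]:
                findings.append(f"{name}: data needs {used} bytes, file size is {f['size']}")
            # Plain mode is only appropriate for non-sensitive data.
            if f["mode"] == "Plain" and any(s for _, _, s in f["fields"]):
                findings.append(f"{name}: sensitive field in a Plain (unencrypted) file")
    return findings


# Constructed sample plans; fields are (name, length in bytes, sensitive?).
GOOD = {"applications": [{"id": "000001", "key_count": 2, "files": [
    {"number": 0, "size": 64, "mode": "Encrypted",
     "fields": [("CardNumber", 10, True), ("FirstName", 16, False), ("LastName", 16, False)]},
]}]}
BAD = {"applications": [{"id": "0000A2", "key_count": 11, "files": [
    {"number": 0, "size": 32, "mode": "Plain",
     "fields": [("CardNumber", 10, True), ("Department", 30, False)]},
]}]}

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_template(plan) or "no findings")
```

The GOOD plan mirrors the example above (42 bytes of data in a 64-byte file); the BAD plan trips the key limit, the size check and the Plain-mode check.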

Once completed, the template can be either saved to a human-readable XML format, or a password-encrypted CCI format. Both can be used to encode cards in your BadgeMaker Identity project.