About the Synergis key store
The Synergis™ key store is used to configure and store cryptographic keys.
Keys in the Synergis key store
Each cryptographic key is composed of one or more components. For added security, a key can be composed of multiple components so that the key can be separated and distributed to multiple stakeholders, without anyone having the complete key.
- Version
- The version number of the key. Each version of the key you create is a
new key.
Multiple versions of the same key are listed if the Use key version checkbox on the MIFARE DESFire configuration page is selected. When the checkbox is selected, the system asks the card which key version it’s using and tries to find it in the key store. The indexed 00 to indexed 31 keys can have up to three versions at a time. If the checkbox is cleared, then the system always uses the last version.
For example, if you enable key versioning then add versions 1, 2, and then 3 for the indexed 01 key, when you clear this checkbox, only version 3 is listed in the Synergis key store for that key. If you create version 4, and then select the checkbox again, versions 2, 3, and 4 are listed.Note: The ReaderKc, ReaderKs, and SAM host authentication keys do not support key versioning; the latest changes are automatically incremented. - Components
- The number of components that currently form the key. Each component is a 32-character hexadecimal value.
- Hash
- The key hash that is used to verify whether the key that you entered in the Synergis key store is valid. The key is valid if it matches the key hash from the other units, the SAM card, or the key card production tool with which you want to compare. For more information, see Using key hashes in the Synergis key store.
MIFARE DESFire cryptographic keys can be exported from Security Center to one or more Synergis™ Cloud Link units in your system. The keys are then automatically updated on the Synergis key store page of the Synergis™ Appliance Portal. For information, see Exporting MIFARE DESFire keys to Synergis Cloud Link units.
Use cases for the different keys
- ReaderKc and ReaderKs
- Used to configure communication keys for STid readers. For more information, see Changing the default RS-485 communication keys for STid readers that use the SSCP protocol.
- SAM host authentication
- Used to unlock SAM cards so that you can use the cryptographic keys stored in them. For more information, see Unlocking SAM cards.
- Indexed 00 - 31
- Used to create the cryptographic keys to access a MIFARE DESFire card's secured credential. For more information, see Enabling MIFARE DESFire for transparent OSDP readers and Enabling transparent mode on STid readers that use the SSCP protocol.