Open johannesfritsch opened 4 weeks ago
Hi Johannes,
Apologies for the late reply here. I think your use case certainly makes sense and is likely a pretty common (and more secure) approach.
I think without a slight refactor it will be challenging though since you will need to generate the fields transactionId, sessionKeyMac and sessionKeyEncryption server-side and return them to the client.
If you are still interested and have an approach in mind then definitely feel free to open a PR.
Appreciate your interest either way!
Justin
Hey!
First of all: Thanks for your library. It helped me tremendously to understand the programming of my NTAG 424.
My scenario needs to keep the shared secret key away from the mobile app. I want to store the keys on my server and on the PICCs. Every card will have its own key. So I need to perform parts of the authenticateEv2First function on the mobile phone (part 1) and the PICC, but then send the encrypted random to the server, where I build the encrypted message to be sent back to the mobile app and the PICC for verification (part 2).
Would you accept a PR that makes the private functions public or (even better) refactors the code a bit to allow for such a scenario? I assume that mutual authentication seldom happens between the react native app and the PICC directly.
Best regards
Johannes