We currently have deployed an NFC card access control system for a non-profit makerspace; see:
Our RFID stations are based upon Particle Argons and PN532 based NFC boards (using I2C). We use the Particle port of the Adafruit PN532 library to communicate with the RFID cards.
The system uses Mifare Classic 1K cards but these have been hacked and have become too insecure for access control use. We would like to upgrade to more secure cards that use AES128 encryption; either Mifare Desfire EV1 (or higher) or, better still, Mifare Plus cards (at SL3). Can anyone recommend a library and some example code that we could use with the existing station hardware? I have searched but I can't find anything that would help.
I am happy to provide you with code extractions from a project in which I am using the same reader from NXP. Not sure it is what you are looking for, but if you want to have a look I can send it. At this stage it is simply scanning the UIDs and printing them to the serial monitor.
@friedl_1977: Thank you for the offer. I am looking for a library that I can use to configure cards, set encryption keys, store data securely and retrieve data securely using 3 phase authentication. We don't store much data on the cards - two blocks of 16 bytes each. But the cards must be encrypted to prevent a card from being cloned.
In addition to a library that can do all of this, I'd like some examples of how to perform these operations properly. The Classic cards that we are using are pretty simple and straightforward. The cards have 16 "sectors" of data and each sector is configured by itself (with 2 encryption keys and access control bits) and independent of the other sectors. Desfire cards have a complex and configurable folder ("application") structure with up to 16 keys per application and also master keys for the card. I would like some example code to make sure that I configure the cards correctly so that they are secure -- no backdoors for hackers to attack.
There is a lot of information on-line about how to properly configure Classic cards. In fact, the details are in the official data sheet from NXP. But there is very little on-line information about these newer and more complex cards. I don't want to fool myself into thinking that just because the encryption is modern and hasn't (yet) been hacked, that the cards are automatically secure. I know better - they are not secure if you don't set them up correctly.
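
Added example, not part of the original posts: a C++ check of a Classic sector trailer (the two keys and access bits described above) before it is written to a card, following the access-bit layout in NXP's MIFARE Classic data sheet. The `okToWrite` policy, the function names and the sample trailers are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

struct TrailerInfo {
    bool    valid;        // stored and inverted copies of the access bits agree
    uint8_t cond[4];      // (C1<<2)|(C2<<1)|C3 for blocks 0..2; cond[3] is the trailer
    bool    defaultKeyA;  // Key A is still the all-FF transport key
    bool    keyBReadable; // trailer condition exposes Key B, so it cannot authenticate
};

// t = 16 bytes to be written: Key A (0-5), access bits (6-8), GPB (9), Key B (10-15)
TrailerInfo decodeTrailer(const uint8_t t[16]) {
    static const uint8_t transport[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    TrailerInfo r{};
    uint8_t c1 = t[7] >> 4, c2 = t[8] & 0x0F, c3 = t[8] >> 4;    // plain nibbles
    uint8_t n1 = t[6] & 0x0F, n2 = t[6] >> 4, n3 = t[7] & 0x0F;  // inverted nibbles
    r.valid = (c1 ^ n1) == 0x0F && (c2 ^ n2) == 0x0F && (c3 ^ n3) == 0x0F;
    for (int b = 0; b < 4; b++)  // bit b of each nibble belongs to block b
        r.cond[b] = (((c1 >> b) & 1) << 2) | (((c2 >> b) & 1) << 1) | ((c3 >> b) & 1);
    r.defaultKeyA = std::memcmp(t, transport, 6) == 0;
    r.keyBReadable = r.cond[3] == 0 || r.cond[3] == 1 || r.cond[3] == 2;
    return r;
}

// Assumed provisioning policy (not from the thread): refuse a trailer whose access
// bits are malformed (the card blocks such a sector for good) or that leaves a weak setup.
bool okToWrite(const uint8_t t[16]) {
    TrailerInfo r = decodeTrailer(t);
    return r.valid && !r.defaultKeyA && !r.keyBReadable;
}

// Constructed sample trailers; the non-FF keys are made-up values.
const uint8_t TRANSPORT[16] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x07,
                               0x80, 0x69, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
const uint8_t LOCKED[16]    = {0x3C, 0x91, 0x5E, 0x27, 0xB8, 0x04, 0x78, 0x77,
                               0x88, 0x00, 0xD1, 0x6A, 0x42, 0x9F, 0x0B, 0xE3};
const uint8_t CORRUPT[16]   = {0x3C, 0x91, 0x5E, 0x27, 0xB8, 0x04, 0xFF, 0x07,
                               0x81, 0x00, 0xD1, 0x6A, 0x42, 0x9F, 0x0B, 0xE3};

int main() {
    const uint8_t* samples[] = {TRANSPORT, LOCKED, CORRUPT};
    const char* names[] = {"transport", "locked", "corrupt"};
    for (int i = 0; i < 3; i++) {
        TrailerInfo r = decodeTrailer(samples[i]);
        std::printf("%-9s valid=%d data=%d trailer=%d ok=%d\n", names[i],
                    r.valid, r.cond[0], r.cond[3], okToWrite(samples[i]));
    }
}
```

Run this against the bytes the provisioning tool is about to write, not against a trailer read back from a card, because a Classic card never returns Key A on a read.
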
Your application seems more involved than what I used it for, unfortunately. In case you haven't considered it, maybe have a look at the DFRobot library.
With regards to the PN532, I suspect you might find it cumbersome to get more comprehensive support from NXP as the IC has been marked NRND. They will most likely try to get you to upgrade the IC as was the case when I had some antenna issues.
Thanks @friedl_1977. I'll check out the DFRobot library - I wasn't aware of it before. I don't know if PN532 will work with Desfire or Plus cards. I suspect that this chip works with Desfire because it was the current chip back when Desfire and even Desfire EV1 came out. But the chip may not fully support Plus cards. It is hard to get information about these chips and cards at this level of detail without signing an NDA with NXP.
Thanks again @friedl_1977. The DFRobot lib appears to be the same basic library as Adafruit. It supports Mifare Classic and NTAG cards. I did find an Arduino project using Desfire and also a Linux project using Desfire. I can find nothing at all for Plus development -- perhaps these cards are too new. I'll look at the Desfire projects and see if they are doing something close to what I need; i.e. using the security (encryption based authentication) on the cards and not just the open-to-all UIDs.
I'd still appreciate it if someone else out there has any suggestions, particularly for Mifare Plus and Arduino/Particle.