Add or delete key files

There are two types of key that you may need to add to your VTAP reader:

  • Private keys - the private key from each ECC key pair you have generated to secure your mobile wallet passes.

    Each is stored in a file with the name private#.pem, following the .pem format, where # is replaced with a number from 1 to 6, matching the key slot you will save it in. (The demo passes are accessed using the key in KeySlot 6, so don't overwrite this one unless you are finished with Dot Origin demo passes.)

    The text of a .pem format file will look something like this:

    -----BEGIN EC PARAMETERS-----
    BggqhkjOPQMBBw==
    -----END EC PARAMETERS-----
    -----BEGIN EC PRIVATE KEY-----
    MHcCAQEEIIEtIyvdGuRj+gRrTPn7+wpQ7XAhWfLAfmBzhtzjdrnQoAoGCCqGSM49
    AwEHoUQDQgAEYzDKBwanQZs1TtuTsmrkpYjow8idfqMd0U/lwfpBdtqIjcCRowD1
    lznasiT971AkZqvOZBfZTRnnjNBMu1uXzg==
    -----END EC PRIVATE KEY-----

    Note: A VTAP reader cannot use more than 6 private key files.

    If you are not sure how to generate an ECC key pair, please refer to the Application Note VTAP ECC key pairs for more information.

  • Application keys - these include AES or DESFire application keys to access NFC card data, or an OSDP secure channel base key.

    Each of your application keys must be saved in a text file, with the name appkey#.txt, where # is replaced with a number from 1 to 9, matching the key slot you will save it in. Each text file should just contain one application key, in the appropriate format for its application, for example 32 hex digits in the case of a DESFire application key.

    The text of an application key text file will always start with key= and look something like:

    key=bd6a15d1039e7527edfd01f37a220f3e

    Note: A VTAP reader cannot use more than 9 application key files.

Add a key

The same process is followed to add any type of key.

Step 1: Choose your key slot and name your key file appropriately

Check the BOOT.TXT file on your VTAP reader (or use a ?b or ?info command over a serial interface) to find out which key slots are already in use, before you add a new key. The number used in the filename of your key determines the key slot where that key will be saved.

Note: If your key filename assigns a key to a key slot that is already in use, you will simply overwrite the current key in that slot with your new one.

Private keys must be in files named private#.pem and application keys in files named appkey#.txt, with # replaced by a number 1 to 6 for private keys or 1 to 9 for app keys, to identify your chosen key slot.

Step 2: Move or copy your key file to your VTAP reader

Load your keys by copying these files onto your VTAP reader. Connect your VTAP reader to a PC via USB so that it appears as a mass storage device on the PC file system (unless disabled or locked), then drag and drop the files.

Alternatively, transfer the file to your VTAP reader using Zmodem over a serial interface.

Step 3: Load your key by rebooting or with a ?KEYLOAD command (the file then disappears from the file system)

Power cycle your VTAP reader. (Disconnect or safely remove the drive from the PC then reconnect it.) When you reboot the VTAP reader your key will have been stored in hardware, and will no longer be listed as a file on the device.

Alternatively, send a ?KEYLOAD command over a serial interface for the key to be loaded, to avoid the need to restart the VTAP reader.

Note: If you have not followed the .pem format exactly, the VTAP reader will not consume the key when rebooted and the file will remain visible in the file system. Check your key file text and try again.

Delete a key

To clear a key from a particular key slot, without replacing it with a new key, you prepare a special type of key file. The format for that file depends on the key type you need to clear.

Delete a private key

To delete a private key from slot # you create a key file called private#.pem. The content of this file is a single line:

-----DELETE EC PRIVATE KEY-----

Now add this special deletion key to the private key slot you need to clear, following the Add a key instructions.

Delete an application key

To delete an application key from slot # you create a key file called appkey#.txt. The content of this file is a single line:

key=DELETE

Now add this special deletion key to the application key slot you need to clear, following the Add a key instructions.
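
A check that can be run on the PC before copying key files to the reader, covering the naming and content rules above (added example, not Dot Origin code). It reports the target slot and whether the file would load or delete a key. Assumptions: file names are lowercase as shown on this page, application key values are hex digits of any length, and check_key_file is a hypothetical helper name.

```python
import base64
import binascii
import re

# Assumption: lowercase names exactly as shown on the page.
NAME_RE = re.compile(r"(?:(private)([1-6])\.pem|(appkey)([1-9])\.txt)")
PEM_RE = re.compile(
    r"-----BEGIN EC PRIVATE KEY-----\s+(.*?)\s+-----END EC PRIVATE KEY-----", re.S)
DELETE_PEM = "-----DELETE EC PRIVATE KEY-----"
APPKEY_RE = re.compile(r"key=(DELETE|[0-9A-Fa-f]+)")  # assumption: hex, either case


def check_key_file(filename, text):
    """Return (slot, action, problems); action is 'load', 'delete' or None."""
    name = NAME_RE.fullmatch(filename)
    if not name:
        return None, None, ["name must be private1-6.pem or appkey1-9.txt"]
    slot = int(name.group(2) or name.group(4))
    body, action, problems = text.strip(), None, []
    if name.group(1):  # private#.pem
        block = PEM_RE.search(body)
        if body == DELETE_PEM:
            action = "delete"
        elif not block:
            problems.append("no BEGIN/END EC PRIVATE KEY block")
        else:
            try:
                der = base64.b64decode("".join(block.group(1).split()), validate=True)
            except binascii.Error:
                der = b""
            if der[:1] == b"\x30":  # an EC private key is a DER SEQUENCE
                action = "load"
            else:
                problems.append("key body is not base64 of a DER SEQUENCE")
        if slot == 6:
            problems.append("warning: slot 6 holds the demo pass key")
    else:  # appkey#.txt
        key = APPKEY_RE.fullmatch(body)
        if key:
            action = "delete" if key.group(1) == "DELETE" else "load"
        else:
            problems.append("expected a single line: key=<hex digits> or key=DELETE")
    return slot, action, problems


if __name__ == "__main__":
    # Constructed samples; the PEM body is a placeholder, not a usable key.
    pem = "-----BEGIN EC PRIVATE KEY-----\nMAA=\n-----END EC PRIVATE KEY-----\n"
    for fname, content in [("private2.pem", pem), ("appkey9.txt", "key=DELETE\n")]:
        print(fname, check_key_file(fname, content))
```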