Is possible to run code on a NFC card like Mifare DESfire?

Question

I am very new to the smart cards and I think I have misunderstood some things.

I want to be able to sign messages using ECDSA with the card's private key(s). Also have some custom logic for key derivation.

Is it possible with Mifare DESFire? If not, what other NFC smart cards could do that?

Thanks

Answer 1

No, MIFARE DESFire is a memory card (with some additional protection mechansims for authentication/access control and encryption) so it's not possible to run custom code on such a card. DESFire cards only have symmetric keys for authentication and support only (3)DES and AES (only EV1) encryption of the exchanged data.

If you want to be able to create digital signatures and do other asymmetric cryptography with a card, I suggest you look into processor smartcards. Besides contactless cards with pre-loaded cryptography applications, I suggest you look into Java Cards if you want to create your own card-side applications or if you want some existing open-source applets like OpenPGPcard. Note that you need to make sure that the card contains an asymmetric co-processor with support for ECDSA if you want to create an application that performs ECDSA signatures.

Keep in mind, however, that the NFC interface of mobile phones is typically designed for interaction with low-power NFC tags. Consequently, communication with processor cards (particularly in combination with cryptography) may result in problems.

Answer 2

Not on desfire but just get any smart card with contactless capabilities and implement something like ndef on top of it. Like Yubikey NEO's applet that generates a NDEF message with OTP keys, for example.