What is a Key Set?
A key set is composed of 3 keys:
- Authentication Key: the authentication key is used to generate an encryption session key. The encryption session key will be used to encrypt an APDU data field sent over a secure channel using data encryption.
- MAC Key : the MAC key is used to generate a MAC session key. The MAC session key will be used to compute the MAC on an APDU sent over a secure channel using data integrity.
- Key Encryption Key (KEK): the KEK is used to encrypt an APDU data field. This provides an additional level of encryption when loading sensitive data on the card (like cryptographic keys). The KEK can be used to encrypt data inside or outside a secure channel, whereas the authentication and MAC keys are used within the context of a secure channel.