Cryptnox Docs

cryptnox-logo

Initialization (INIT command, PIN/PUK setup, pairing key)

A newly manufactured or reset card must be initialized using the INIT command.
This process defines ownership, authentication credentials, and access control parameters that will be used throughout the card’s operational lifetime.

Initialization parameters include:

  • Owner name (up to 20 characters)
  • Owner email (up to 60 characters)
  • Personal Identification Number (PIN, 4–9 digits, padded to 9 bytes)
  • Personal Unblocking Key (PUK, 12 alphanumeric characters)
  • Pairing key (32 bytes, used for secure channel establishment)

The INIT payload is encrypted to ensure confidentiality. During setup, the host and card perform an ECDH key exchange to derive a session AES key. The initialization payload (Owner + PIN + PUK + Pairing Key) is then encrypted using AES-CBC before transmission.

After successful initialization, the card transitions into the “ready” state, and all sensitive operations thereafter require a secure channel.

Menu
cryptnox-logo
Menu