CrypTagDecoder
Decode CrypTag SDM data across AES and LRP modes. Detect the encryption mode and route to the appropriate decoder.
Constructors
Constructor
new CrypTagDecoder(options?): CrypTagDecoder;Create a decoder instance with keys and settings.
Parameters
options?
Configuration options.
applicationId?
string
Application ID for diversification (default: ‘3042f5’).
keyList?
{ }
Key configuration object.
sdmSettings?
{
cmacSeparator?: string;
sdmFileRead?: string | number;
sdmMetaRead?: string | number;
}
SDM key settings.
sdmSettings.cmacSeparator?
string
CMAC URL separator for full mode (default: ”).
sdmSettings.sdmFileRead?
string | number
Key number for SDM file read (0-4) or ‘free’ for public (default: 3).
sdmSettings.sdmMetaRead?
string | number
Key number for SDM meta read (0-4) or ‘free’ for public (default: 2).
systemIdentifier?
string
System ID for diversification.
Returns
CrypTagDecoder
Throws
E400 if options, keyList, systemIdentifier, applicationId, sdmSettings, or diversification parameters fail validation.
Properties
applicationId
applicationId: string;diversifiedKeyCache
diversifiedKeyCache: Map<string, Buffer>;keyList
keyList: object;sdmSettings
sdmSettings: object;cmacSeparator
cmacSeparator: string;sdmFileRead
sdmFileRead: string | number;sdmMetaRead
sdmMetaRead: string | number;systemIdentifier
systemIdentifier: string;Methods
_decodeProfile()
_decodeProfile( piccData, label, decodeWith): DecodeData;Shared decode flow for the encrypted/full profiles: resolve SDM keys, run an undiversified decode, then re-decode with the diversified file key when diversification is enabled and a UID was recovered.
Parameters
piccData
Buffer
Encrypted PICC data
label
string
Profile label for error messages (‘Encrypted’ or ‘Full’)
decodeWith
(mode, metaKey, fileKey) => DecodeData
Per-mode decode callback
Returns
DecodeData
Decoded payload (the caller wraps it in success())
Throws
E400 if a required SDM key is configured as ‘free’, or the meta-read key is diversified.
decodeEncrypted()
decodeEncrypted(params): DecodeResult;Profile 2: Decode encrypted PICC mode (picc_data + cmac) Automatically detects AES vs LRP based on PICC data length
Parameters
params
Parameters
cmac
string
Hex encoded CMAC
picc_data
string
Hex encoded PICC data
Returns
DecodeResult
Decoded result
decodeFull()
decodeFull(params): DecodeResult;Profile 3: Decode full encryption mode (picc_data + enc + cmac) Automatically detects AES vs LRP based on PICC data length
Parameters
params
Parameters
cmac
string
Hex encoded CMAC
cmacSeparator?
string
Text the tag MACs between the enc and cmac values; readNDEF supplies this automatically and it overrides the constructor’s sdmSettings.cmacSeparator
enc
string
Hex encoded encrypted file data
picc_data
string
Hex encoded PICC data
Returns
DecodeResult
Decoded result with file data
decodePlain()
decodePlain(params): DecodeResult;Profile 1: Decode plain mode (uid + ctr + cmac) Tries AES first, then LRP if CMAC validation fails
Parameters
params
Parameters
cmac
string
Hex encoded CMAC
ctr
string
Hex encoded counter
uid
string
Hex encoded UID
Returns
DecodeResult
Decoded result
detectEncryptionMode()
detectEncryptionMode(piccData): string;Detect encryption mode from PICC data length
Parameters
piccData
Buffer
PICC data
Returns
string
‘AES’ or ‘LRP’
Throws
E400 if piccData is not a Buffer or its length matches no supported mode.
getConfiguration()
getConfiguration(): DecoderConfiguration;Get current configuration (for debugging/inspection)
Returns
DecoderConfiguration
Current configuration
getKey()
getKey(keyNo, uid?): Buffer;Get key for specific operation with diversification support
Parameters
keyNo
string | number
Key number (0-4)
uid?
any = null
UID for diversification as a Buffer or hex string (null skips diversification)
Returns
Buffer
Key (diversified if configured and UID provided)
Throws
E400 if keyNo is out of range/unknown, or uid is not a Buffer/hex string.
setKeys()
setKeys(keyList?): void;Set keys after construction
Parameters
keyList?
New keyList configuration
Returns
void
Throws
E400 if any key configuration is invalid or diversification parameters fail validation.
setParameters()
setParameters(settings?): void;Set diversification parameters
Parameters
settings?
Diversification settings
applicationId?
string
Application ID
sdmSettings?
{
cmacSeparator?: string;
sdmFileRead?: string | number;
sdmMetaRead?: string | number;
}
SDM key settings
sdmSettings.cmacSeparator?
string
CMAC URL separator for full mode
sdmSettings.sdmFileRead?
string | number
Key number for SDM file read (0-4) or ‘free’
sdmSettings.sdmMetaRead?
string | number
Key number for SDM meta read (0-4) or ‘free’
systemIdentifier?
string
System identifier
Returns
void
Throws
E400 if any setting value fails validation (state is rolled back on error).
updateKey()
updateKey(keyNo, config): void;Update specific key configuration
Parameters
keyNo
string | number
Key number (0-4)
config
DecoderKeyConfig
Key configuration { masterKey, diversify }
Returns
void
Throws
E400 if keyNo is out of range, config is invalid, or diversification parameters fail validation.