Previously, we’ve talked about the the password protection feature found on NXP’s NTAG21X family of NFC cards. While our Tappy NFC readers have supported this feature for years, previously it was only available as part of a custom solution; however, there is a new public command family exposing this functionality that is now supported on Tappies with firmware version 0.76 or newer, which corresponds to ship dates of September 2018 or later for Tappies ordered directly from TapTrack (other distributors may have slightly older stock). Sicne going through the details of the command family would require multiple blog posts, we’re just going to touch on some key features and capabilities of this new command set and recommend that interested parties either consult the Tappy Command Reference or contact us to find out more.
As of version 1.0 of the command family, the password protected command family supports four operations - write text NDEF, write URL NDEF, write custom NDEF, and read NDEF. When the tag is written, you can also specify if you wish the password to be required for reading the tag’s contents or if you only wish to require authentication to rewrite the tag.
Password/Password Acknowledgement (PACK) Specification
The Tappy supports two different methods of specifying the password and PACK to be used for a password-protected operations - either a binary password/PACK pair can be directly specified or you can supply a human-readable password. If a human readable password is supplied, the Tappy will generate a password/PACK pair from it using a pseudorandom cryptographic key derivation function.
If you wish to write NTAGs with password protection, our Windows-based Tappy utility currently supports this operation as part of its batch encoding feature.