How can I got the DSC? about nfcpassportreader HOT 10 CLOSED

As far as I know, the DSC is always present on the NFC chip. To verify the chain of trust you need to get the CSCA master list from the ICAO PKD or the BSI or the Schengen Masterlist and this will be enough.

Then you will need verify the chain: CSCA -> DSC -> LDS hash -> Data Group hashes -> Data Group contents and then you are good.

from nfcpassportreader.

Hi @rgex, Thanks for the quick reply.
Great. Is it possible to get the DSC(Document Signing Certificate) with passive authentication to validate the hashes? I already got the Data Groups Hashes and wants DSC without masterlist.

from nfcpassportreader.

I mean I will do the checks myself that means need to achieve the DSC's somehow.

from nfcpassportreader.

The SOD data group is a PKCS7 file. It contains the DSC. I don't know the current project but using openssl you can deserialize the PKCS7 File and then call p7->d.sign->cert which will return you a STACK_OF(X509) pointer https://github.com/UBIC-repo/core/blob/b83d31c932b40ee908d2f7059d72283d52fd7118/PassportReader/PKCS7/PKCS7Parser.cpp#L76

from nfcpassportreader.

Perhaps you can describe us what you want to achieve?
Where do you want to do the verification, on a remote server or on the phone?
For what you are describing you'll need to use either OpenSSL, no way around.

from nfcpassportreader.

Yes, I want to achieve the Datagroups data with their hashes and now I want to achieve the DSC certificate so I can validate with those on my own backend. I just need to popup the JSON and PUT into the database for validation checks.
So, In Andy's library how can I got the DSC certificates. I already make the JSON just need to add the DSC also on that JSON.

from nfcpassportreader.

Hi @AndyQ ,
`let sod = passport.getDataGroup(.SOD)

let sodData = Data(sod.body)`

In debugging mode I am getting: DataGroup & pkck7CertificateData = ([UInt8]) 48 values
But I am unable to get the pkck7CertificateData byte data. It comes NULL.

Because I think I am passing .body need to pass pkck7CertificateData but it's not accesible.

And my func look like:
//MARK: Fetch the Digital Signature Certificate(DSC) do { guard let sod = passport.getDataGroup(.SOD) else { throw PassiveAuthenticationError.SODMissing("No SOD found" ) } let sodData = Data(sod.body) let certificateData = try OpenSSLUtils.getX509CertificatesFromPKCS7( pkcs7Der: sodData).first! self.sodDataVal = ["certificateData" : certificateData] print(certificateData) }catch { print(error) }

So, I need to fetch the pkck7CertificateData UInt8 byte data then I will play around it.

from nfcpassportreader.

This page may give you some pointers:
http://wiki.yobi.be/wiki/EPassport - specifically the Verifying a passport section.

This is pretty much what I am doing.

You may want to look at the other method ensureReadDataNotBeenTamperedWith in NFCPassportModel - this also extracts the DSC from the SOD and verifies the SOD signed data section against it.

from nfcpassportreader.

Did that help?

from nfcpassportreader.

Closing as assuming all ok now.

from nfcpassportreader.