Comments (10)
As far as I know, the DSC is always present on the NFC chip. To verify the chain of trust you need to get the CSCA master list from the ICAO PKD or the BSI or the Schengen Masterlist and this will be enough.
Then you will need to verify the chain: CSCA -> DSC -> LDS hash -> Data Group hashes -> Data Group contents and then you are good.
from nfcpassportreader.
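The last links of the chain named in the comment above (LDS hash -> Data Group hashes -> Data Group contents), as an added example for a backend check; it is not code from the thread or from NFCPassportReader. It assumes the LDSSecurityObject (the signed content carried inside the SOD, laid out as in ICAO Doc 9303) has already been extracted as DER; the function names and the sample bytes are constructed for illustration.

```python
import hashlib

# DER-encoded digest OIDs that can appear in LDSSecurityObject.hashAlgorithm
DIGESTS = {bytes.fromhex(h): n for h, n in (
    ("2b0e03021a", "sha1"), ("608648016503040201", "sha256"),
    ("608648016503040202", "sha384"), ("608648016503040203", "sha512"))}

def children(buf):
    """Split DER bytes into a list of (tag, value) for the elements found back to back."""
    pos, out = 0, []
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def parse_lds_security_object(der):
    """Return (hash_name, {dg_number: expected_digest}) from a DER LDSSecurityObject."""
    (tag, body), = children(der)
    if tag != 0x30:
        raise ValueError("LDSSecurityObject must be a SEQUENCE")
    _version, (_, alg), (_, dg_hashes) = children(body)[:3]
    oid = children(alg)[0][1]
    if oid not in DIGESTS:
        raise ValueError("unsupported digest OID " + oid.hex())
    table = {}
    for _, entry in children(dg_hashes):
        (_, number), (_, digest) = children(entry)
        table[int.from_bytes(number, "big")] = digest
    return DIGESTS[oid], table

def check_data_groups(lds_der, data_groups):
    """For every DG read from the chip: does its content hash to the signed value?"""
    name, expected = parse_lds_security_object(lds_der)
    return {n: hashlib.new(name, raw).digest() == expected.get(n)
            for n, raw in data_groups.items()}

# Constructed sample (not from a real document): two fake DGs and a matching LDS object.
def _tlv(tag, value): return bytes([tag, len(value)]) + value  # short-form length only

SAMPLE_DGS = {1: b"constructed DG1 bytes", 2: b"constructed DG2 bytes"}
_entries = b"".join(_tlv(0x30, _tlv(0x02, bytes([n])) + _tlv(0x04, hashlib.sha256(raw).digest()))
                    for n, raw in SAMPLE_DGS.items())
_alg = _tlv(0x30, _tlv(0x06, bytes.fromhex("608648016503040201")) + _tlv(0x05, b""))
SAMPLE_LDS = _tlv(0x30, _tlv(0x02, b"\x00") + _alg + _tlv(0x30, _entries))
```

A `True` result is only meaningful once the SOD signature has been verified with the DSC and the DSC has been chained to a trusted CSCA; a data group that is absent from the signed table is reported as `False`.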
Hi @rgex, Thanks for the quick reply.
Great. Is it possible to get the DSC (Document Signing Certificate) with passive authentication to validate the hashes? I already got the Data Group hashes and want the DSC without the master list.
from nfcpassportreader.
I mean I will do the checks myself, which means I need to obtain the DSCs somehow.
from nfcpassportreader.
The SOD data group is a PKCS7 file. It contains the DSC. I don't know the current project, but using OpenSSL you can deserialize the PKCS7 file and then call `p7->d.sign->cert`, which will return you a `STACK_OF(X509)` pointer: https://github.com/UBIC-repo/core/blob/b83d31c932b40ee908d2f7059d72283d52fd7118/PassportReader/PKCS7/PKCS7Parser.cpp#L76
from nfcpassportreader.
Perhaps you can describe to us what you want to achieve?
Where do you want to do the verification, on a remote server or on the phone?
For what you are describing you'll need to use either OpenSSL, no way around.
from nfcpassportreader.
Yes, I want to get the Data Groups data with their hashes, and now I want to get the DSC certificate so I can validate with those on my own backend. I just need to populate the JSON and PUT it into the database for validation checks.
So, in Andy's library, how can I get the DSC certificates? I have already made the JSON; I just need to add the DSC to that JSON as well.
from nfcpassportreader.
Hi @AndyQ ,
```swift
let sod = passport.getDataGroup(.SOD)
let sodData = Data(sod.body)
```
In debugging mode I am getting: DataGroup & pkck7CertificateData = ([UInt8]) 48 values
But I am unable to get the pkck7CertificateData byte data. It comes back NULL.
I think it is because I am passing .body and need to pass pkck7CertificateData, but it's not accessible.
And my func looks like:
```swift
// MARK: Fetch the Digital Signature Certificate (DSC)
do {
    guard let sod = passport.getDataGroup(.SOD) else {
        throw PassiveAuthenticationError.SODMissing("No SOD found")
    }
    let sodData = Data(sod.body)
    let certificateData = try OpenSSLUtils.getX509CertificatesFromPKCS7(pkcs7Der: sodData).first!
    self.sodDataVal = ["certificateData": certificateData]
    print(certificateData)
} catch {
    print(error)
}
```
So, I need to fetch the pkck7CertificateData UInt8 byte data then I will play around it.
from nfcpassportreader.
This page may give you some pointers:
http://wiki.yobi.be/wiki/EPassport - specifically the Verifying a passport section.
This is pretty much what I am doing.
You may want to look at the other method ensureReadDataNotBeenTamperedWith in NFCPassportModel - this also extracts the DSC from the SOD and verifies the SOD signed data section against it.
from nfcpassportreader.
Did that help?
from nfcpassportreader.
Closing as assuming all ok now.
from nfcpassportreader.