Difference between revisions of "Belgian ePassport"
Jump to navigation
Jump to search
| Line 14: | Line 14: | ||
* [https://pkddownloadsg.icao.int/ICAO/pkdLDIFDownload.jsp ICAO PKD LDIF download] |
* [https://pkddownloadsg.icao.int/ICAO/pkdLDIFDownload.jsp ICAO PKD LDIF download] |
||
Stupid script to see what are the country certificates there (there are also CRLs): |
Stupid script to see what are the country certificates there (there are also CRLs): |
||
| + | <source lang=bash> |
||
| − | + | #!/bin/bash |
|
| − | |||
| + | |||
| − | + | rm xx* |
|
| − | + | csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}' |
|
| − | + | for i in xx*; do |
|
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem |
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem |
||
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt |
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt |
||
test $? -eq 0 && rm $i |
test $? -eq 0 && rm $i |
||
| − | + | done |
|
| + | </source> |
||
===Readers=== |
===Readers=== |
||
Revision as of 18:40, 22 January 2009
Back to Belgian eGov
RFID-enabled Passports
ICAO standards
Country certificates
Stupid script to see what are the country certificates there (there are also CRLs):
#!/bin/bash
rm xx*
csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}'
for i in xx*; do
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt
test $? -eq 0 && rm $i
done
Readers
Hacks
- http://www.acbm.com/inedits/rfid.html
- http://www.schneier.com/blog/archives/2006/06/build_your_own.html
Tools
OpenMRTD
library
JMRTD
Java host API & Javacard applet to build your own epassport infrastructure
RFIDIOt
apt-get install python-pyscard $ ./mrpkey.py -L PCSC devices: No: 0 OMNIKEY CardMan 5x21 00 00 No: 1 OMNIKEY CardMan 5x21 00 01 $ ./mrpkey.py -r 1 CHECK mrpkey v0.1n (using RFIDIOt v0.1s) Reader: PCSC OMNIKEY CardMan 5x21 00 01 Device is a Machine Readable Document $ ./mrpkey.py -r 1 "EXnnnnnn<cBELyymmddcSyymmddc<<<<<<<<<<<<<<cc"
To fix reader number, edit RFIDIOtconfig.py
In MRZ passport number is coded with 9 chars. Belgian uses only 8 chars so some passport readers need a document number padded with char "<" ("EXnnnnnn<")
To use mrpkey under Windows you need:
eCL0WN
Applet for Nokia NFC phone
Belgian ePassports
Characteristics
- Current versions demo
- Uses Opentrust PKI (former IDX-PKI from idealx)
- Price:
- 30€ droit de chancellerie
- taxes communales (Ixelles=26€, Leuven=11€?,...)
- 41€ frais de confection
- Much more expensive if urgent or 64 pages (~250€)