Difference between revisions of "Belgian ePassport"
Jump to navigation
Jump to search
m |
m |
||
| Line 1: | Line 1: | ||
Back to [[Belgian eGov]] |
Back to [[Belgian eGov]] |
||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
* [https://www.checkdoc.be/CheckDoc/index.jsp?currenPage=checkdocument.jsp&choice=checkSecurity&iconDB=02&specific_document=1115&checksecurity_level=2&id_menu=0012 Current versions demo] |
* [https://www.checkdoc.be/CheckDoc/index.jsp?currenPage=checkdocument.jsp&choice=checkSecurity&iconDB=02&specific_document=1115&checksecurity_level=2&id_menu=0012 Current versions demo] |
||
* Uses Opentrust PKI (former IDX-PKI from idealx) |
* Uses Opentrust PKI (former IDX-PKI from idealx) |
||
| Line 11: | Line 10: | ||
** Much more expensive if urgent or 64 pages (~250€) |
** Much more expensive if urgent or 64 pages (~250€) |
||
* maker? at least [http://www.lecho.be/actualite/entreprises_technologie/Le_Belge_Zetes_met_plus_que_jamais_le_cap_sur_l'Afrique.6813096-587.art?searchselect=srch_bonds not Zetes] (contradictory info [http://www.vnunet.fr/fr/vnunet/news/2007/06/13/carte-d-identit-lectronique here])<br>''Mais nous ne fabriquons pas le passeport belge, c’est vrai. C’est un contrat qui a été attribué avant que nous ne soyons actifs sur ce segment. S’il y a un appel d’offres, j’imagine que nous y répondrons.'' |
* maker? at least [http://www.lecho.be/actualite/entreprises_technologie/Le_Belge_Zetes_met_plus_que_jamais_le_cap_sur_l'Afrique.6813096-587.art?searchselect=srch_bonds not Zetes] (contradictory info [http://www.vnunet.fr/fr/vnunet/news/2007/06/13/carte-d-identit-lectronique here])<br>''Mais nous ne fabriquons pas le passeport belge, c’est vrai. C’est un contrat qui a été attribué avant que nous ne soyons actifs sur ce segment. S’il y a un appel d’offres, j’imagine que nous y répondrons.'' |
||
| − | + | ===chip=== |
|
* ATR 3B 8E 80 01 80 91 E1 31 C0 64 77 E3 03 00 83 82 90 00 6C |
* ATR 3B 8E 80 01 80 91 E1 31 C0 64 77 E3 03 00 83 82 90 00 6C |
||
* ATR 3B 8E 80 01 80 91 91 31 C0 64 77 E3 03 00 83 82 90 00 1C (as mentioned in pcsc-lite smartcard_list.txt) |
* ATR 3B 8E 80 01 80 91 91 31 C0 64 77 E3 03 00 83 82 90 00 1C (as mentioned in pcsc-lite smartcard_list.txt) |
||
| Line 30: | Line 29: | ||
keyid:00:84:19:14:B2:CE:7E:0A:DE:3A:26:F9:FD:DD:1F:F4:01:42:A8:0E |
keyid:00:84:19:14:B2:CE:7E:0A:DE:3A:26:F9:FD:DD:1F:F4:01:42:A8:0E |
||
| + | ==Active Authentication== |
||
| − | ===Security of Belgian ePassports=== |
||
| + | See first [[EPassport#Active_Authentication]] |
||
| + | |||
| ⚫ | |||
* http://www.theregister.co.uk/2007/06/10/belgian_epassport_flaws/ |
* http://www.theregister.co.uk/2007/06/10/belgian_epassport_flaws/ |
||
* http://www.dice.ucl.ac.be/crypto/passport/index.html |
* http://www.dice.ucl.ac.be/crypto/passport/index.html |
||
Revision as of 01:43, 6 February 2009
Back to Belgian eGov
See also the general ePassport page
Characteristics
- Current versions demo
- Uses Opentrust PKI (former IDX-PKI from idealx)
- Price:
- 30€ droit de chancellerie
- taxes communales (Ixelles=26€, Leuven=11€?,...)
- 41€ frais de confection
- Much more expensive if urgent or 64 pages (~250€)
- maker? at least not Zetes (contradictory info here)
Mais nous ne fabriquons pas le passeport belge, c’est vrai. C’est un contrat qui a été attribué avant que nous ne soyons actifs sur ce segment. S’il y a un appel d’offres, j’imagine que nous y répondrons.
chip
- ATR 3B 8E 80 01 80 91 E1 31 C0 64 77 E3 03 00 83 82 90 00 6C
- ATR 3B 8E 80 01 80 91 91 31 C0 64 77 E3 03 00 83 82 90 00 1C (as mentioned in pcsc-lite smartcard_list.txt)
- ATR 3B 88 80 01 00 00 01 07 01 72 90 00 EC (on a recent passport 01/2009 EH431xxx)
- Belgium is one rare country to also include the owner handwritten signature, in EF_DG7
- Non-compliances?
- Requires option 0x0C whenever you select the application or a file (important for non-BAC passports), usually other passports implement 7816-4 a bit better and accept the standard select_file but apparently Belgium just implemented the example of LDS just as it was presented, no more)
- non-BAC passports have a bug in EF_DG11, in full name of holder (tag 5F0E): null length followed by "A0 06 02 01 01"
- newer passports have a bug in EF_DG12, using tag 5F85 instead of 5F55 for the document issuance timestamp (5F85 is in LDS1.7, 5F55 is in ISO standard)
- newest passports (with polycarbonate transparent sheet) don't have the bug anymore in EF_DG12, skipping simply document issuance timestamp
- Reading the DS certificate in EF_SOD (output truncated):
openssl pkcs7 -text -print_certs -in EF_SOD.PEM
Authority:
Issuer: C=BE, O=Kingdom of Belgium, OU=Federal Public Service Foreign Affairs Belgium, CN=CSCAPKI_BE
Subject: C=BE, O=Kingdom of Belgium, OU=Federal Public Service Foreign Affairs Belgium, CN=DSPKI_BE
X509v3 extensions:
X509v3 Authority Key Identifier:.
keyid:00:84:19:14:B2:CE:7E:0A:DE:3A:26:F9:FD:DD:1F:F4:01:42:A8:0E
Active Authentication
See first EPassport#Active_Authentication