Difference between revisions of "Belgian ePassport"
Jump to navigation
Jump to search
m |
|||
Line 1: | Line 1: | ||
Back to [[Belgian eGov]] |
Back to [[Belgian eGov]] |
||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
==RFID-enabled Passports== |
==RFID-enabled Passports== |
||
===ICAO standards=== |
===ICAO standards=== |
||
Line 59: | Line 71: | ||
====[http://www.dexlab.nl/ eCL0WN]==== |
====[http://www.dexlab.nl/ eCL0WN]==== |
||
Applet for Nokia NFC phone |
Applet for Nokia NFC phone |
||
− | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ |
Revision as of 17:40, 22 January 2009
Back to Belgian eGov
Belgian ePassports
Characteristics
- Current versions demo
- Uses Opentrust PKI (former IDX-PKI from idealx)
- Price:
- 30€ droit de chancellerie
- taxes communales (Ixelles=26€, Leuven=11€?,...)
- 41€ frais de confection
- Much more expensive if urgent or 64 pages (~250€)
Security of Belgian ePassports
- http://www.theregister.co.uk/2007/06/10/belgian_epassport_flaws/
- http://www.dice.ucl.ac.be/crypto/passport/index.html
RFID-enabled Passports
ICAO standards
Country certificates
Stupid script to see what are the country certificates there (there are also CRLs):
#!/bin/bash
rm xx*
csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}'
for i in xx*; do
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt
test $? -eq 0 && rm $i
done
Readers
Hacks
- http://www.acbm.com/inedits/rfid.html
- http://www.schneier.com/blog/archives/2006/06/build_your_own.html
Tools
OpenMRTD
library
JMRTD
Java host API & Javacard applet to build your own epassport infrastructure
RFIDIOt
apt-get install python-pyscard $ ./mrpkey.py -L PCSC devices: No: 0 OMNIKEY CardMan 5x21 00 00 No: 1 OMNIKEY CardMan 5x21 00 01 $ ./mrpkey.py -r 1 CHECK mrpkey v0.1n (using RFIDIOt v0.1s) Reader: PCSC OMNIKEY CardMan 5x21 00 01 Device is a Machine Readable Document $ ./mrpkey.py -r 1 "EXnnnnnn<cBELyymmddcSyymmddc<<<<<<<<<<<<<<cc"
To fix reader number, edit RFIDIOtconfig.py
In MRZ passport number is coded with 9 chars. Belgian uses only 8 chars so some passport readers need a document number padded with char "<" ("EXnnnnnn<")
To use mrpkey under Windows you need:
eCL0WN
Applet for Nokia NFC phone