Difference between revisions of "Belgian ePassport"

From YobiWiki
Jump to navigation Jump to search
Line 9: Line 9:
 
* [http://www.hasbrouck.org/documents/ICAO9303-pt3.pdf ICAO9303-pt3.pdf]
  
* [http://www.hasbrouck.org/documents/ICAO9303-pt3.pdf ICAO9303-pt3.pdf]
 
** [http://74.125.77.132/search?q=cache:vWDRlnA6feQJ:www.hasbrouck.org/documents/ICAO9303-pt3.pdf html]
  
** [http://74.125.77.132/search?q=cache:vWDRlnA6feQJ:www.hasbrouck.org/documents/ICAO9303-pt3.pdf html]
  +
===Country certificates===
  +
* see http://jmrtd.org/csca.shtml
  +
* [http://www2.icao.int/en/MRTD/Pages/icaoPKD.aspx ICAO PKD]
  +
* [https://pkddownloadsg.icao.int/ICAO/pkdLDIFDownload.jsp ICAO PKD LDIF download]
  +
Stupid script to see what are the country certificates there (there are also CRLs):
  +
#!/bin/bash
  +
  +
rm xx*
  +
csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}'
  +
for i in xx*; do
  +
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem
  +
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt
  +
test $? -eq 0 && rm $i
  +
done
   
 
===Readers===
  
===Readers===

Revision as of 17:39, 22 January 2009

Back to Belgian eGov

RFID-enabled Passports

ICAO standards

Country certificates

Stupid script to see what are the country certificates there (there are also CRLs): 

#!/bin/bash 

rm xx*
csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}'
for i in xx*; do
   cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem
   cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt
   test $? -eq 0 && rm $i
done

Readers

Hacks

Tools

OpenMRTD

library

JMRTD

Java host API & Javacard applet to build your own epassport infrastructure

RFIDIOt

apt-get install python-pyscard
$ ./mrpkey.py -L
PCSC devices:
   No: 0               OMNIKEY CardMan 5x21 00 00
   No: 1               OMNIKEY CardMan 5x21 00 01
$ ./mrpkey.py -r 1 CHECK
mrpkey v0.1n (using RFIDIOt v0.1s)
 Reader: PCSC OMNIKEY CardMan 5x21 00 01
 Device is a Machine Readable Document
$ ./mrpkey.py -r 1 "EXnnnnnn<cBELyymmddcSyymmddc<<<<<<<<<<<<<<cc"

To fix reader number, edit RFIDIOtconfig.py
In MRZ passport number is coded with 9 chars. Belgian uses only 8 chars so some passport readers need a document number padded with char "<" ("EXnnnnnn<")

To use mrpkey under Windows you need:

eCL0WN

Applet for Nokia NFC phone

Belgian ePassports

Characteristics

  • Current versions demo
  • Uses Opentrust PKI (former IDX-PKI from idealx)
  • Price:
    • 30€ droit de chancellerie
    • taxes communales (Ixelles=26€, Leuven=11€?,...)
    • 41€ frais de confection
    • Much more expensive if urgent or 64 pages (~250€)

Security of Belgian ePassports

Retrieved from "https://wiki.yobi.be/index.php?title=Belgian_ePassport&oldid=5390"