Belgian ePassport
Revision as of 17:39, 22 January 2009 by <bdi>PhilippeTeuwen</bdi> (talk | contribs) (→RFID-enabled Passports)
Back to Belgian eGov
RFID-enabled Passports
ICAO standards
Country certificates
Stupid script to see what are the country certificates there (there are also CRLs):
#!/bin/bash rm xx* csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}' for i in xx*; do cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt test $? -eq 0 && rm $i done
Readers
Hacks
- http://www.acbm.com/inedits/rfid.html
- http://www.schneier.com/blog/archives/2006/06/build_your_own.html
Tools
OpenMRTD
library
JMRTD
Java host API & Javacard applet to build your own epassport infrastructure
RFIDIOt
apt-get install python-pyscard $ ./mrpkey.py -L PCSC devices: No: 0 OMNIKEY CardMan 5x21 00 00 No: 1 OMNIKEY CardMan 5x21 00 01 $ ./mrpkey.py -r 1 CHECK mrpkey v0.1n (using RFIDIOt v0.1s) Reader: PCSC OMNIKEY CardMan 5x21 00 01 Device is a Machine Readable Document $ ./mrpkey.py -r 1 "EXnnnnnn<cBELyymmddcSyymmddc<<<<<<<<<<<<<<cc"
To fix reader number, edit RFIDIOtconfig.py
In MRZ passport number is coded with 9 chars. Belgian uses only 8 chars so some passport readers need a document number padded with char "<" ("EXnnnnnn<")
To use mrpkey under Windows you need:
eCL0WN
Applet for Nokia NFC phone
Belgian ePassports
Characteristics
- Current versions demo
- Uses Opentrust PKI (former IDX-PKI from idealx)
- Price:
- 30€ droit de chancellerie
- taxes communales (Ixelles=26€, Leuven=11€?,...)
- 41€ frais de confection
- Much more expensive if urgent or 64 pages (~250€)