Belgian ePassport

From YobiWiki
Jump to navigation Jump to search

Back to Belgian eGov

RFID-enabled Passports

ICAO standards

Country certificates

Stupid script to see what are the country certificates there (there are also CRLs):

#!/bin/bash 

rm xx*
csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}'
for i in xx*; do
   cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem
   cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt
   test $? -eq 0 && rm $i
done

Readers

Hacks

Tools

OpenMRTD

library

JMRTD

Java host API & Javacard applet to build your own epassport infrastructure

RFIDIOt

apt-get install python-pyscard
$ ./mrpkey.py -L
PCSC devices:
   No: 0               OMNIKEY CardMan 5x21 00 00
   No: 1               OMNIKEY CardMan 5x21 00 01
$ ./mrpkey.py -r 1 CHECK
mrpkey v0.1n (using RFIDIOt v0.1s)
 Reader: PCSC OMNIKEY CardMan 5x21 00 01
 Device is a Machine Readable Document
$ ./mrpkey.py -r 1 "EXnnnnnn<cBELyymmddcSyymmddc<<<<<<<<<<<<<<cc"

To fix reader number, edit RFIDIOtconfig.py
In MRZ passport number is coded with 9 chars. Belgian uses only 8 chars so some passport readers need a document number padded with char "<" ("EXnnnnnn<")

To use mrpkey under Windows you need:

eCL0WN

Applet for Nokia NFC phone

Belgian ePassports

Characteristics

  • Current versions demo
  • Uses Opentrust PKI (former IDX-PKI from idealx)
  • Price:
    • 30€ droit de chancellerie
    • taxes communales (Ixelles=26€, Leuven=11€?,...)
    • 41€ frais de confection
    • Much more expensive if urgent or 64 pages (~250€)

Security of Belgian ePassports