
287 points robin_reala | 3 comments
dzhiurgis ◴[] No.44375315[source]
Hol up. So what stops you from uploading custom photo + metadata onto random chip and planting it in a fake passport?
replies(5): >>44375334 #>>44375336 #>>44375342 #>>44375469 #>>44376015 #
1. remcob ◴[] No.44375469[source]
Besides the data being signed as already mentioned, the protocol is interactive and custom to passport documents. So you can’t just put it on any programmable NFC tag. I also doubt you can buy programmable ones implementing the passport protocols. But maybe you can find general-purpose programmable ones you can implement the protocol on.

There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.

replies(2): >>44376431 #>>44379741 #
2. crowbahr ◴[] No.44376431[source]
Yeah but since the USA doesn't sign on to anything above basic auth (MRZ unlock) everyone also has to work on the more basic level. Kinda unfortunate.
3. lxgr ◴[] No.44379741[source]
You can definitely run the protocol on a programmable smartcard (see for example https://jmrtd.org/), but without the required PKI certificates, nobody would accept your home-made passport.
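
The two checks discussed in this thread (the issuer's signature over the chip data, and the optional challenge-response that proves the chip holds a private key) can be modelled in a few lines. This is an added example, not code from the thread or from JMRTD. It assumes textbook RSA with toy keys in place of the real signature schemes, and the names `Chip`, `inspect` and `chip_auth` are hypothetical; it does not use the real passport message formats.

```python
import hashlib
import secrets

E = 65537

def make_key(p, q):
    # Textbook RSA from two Mersenne primes: toy keys constructed for this example only.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def encode(data_groups):
    return repr(sorted(data_groups.items())).encode()

class Chip:
    """Hypothetical chip model: readable signed data plus an optional private key."""
    def __init__(self, data_groups, signature, private_key=None):
        self.data_groups, self.signature, self.private_key = data_groups, signature, private_key

    def respond(self, nonce):
        return sign(self.private_key, nonce) if self.private_key else None

def inspect(chip, issuer_pub, chip_auth=True):
    # Check 1: the issuer's signature covers the photo, the MRZ and the chip's public key.
    if not verify(issuer_pub, encode(chip.data_groups), chip.signature):
        return "rejected: data not signed by issuer"
    if chip_auth:
        # Check 2: fresh challenge that only the holder of the chip's private key can answer.
        nonce = secrets.token_bytes(16)
        answer = chip.respond(nonce)
        if answer is None or not verify(chip.data_groups["chip_pub"], nonce, answer):
            return "rejected: chip does not hold the private key"
    return "accepted"

ISSUER_PUB, ISSUER_PRIV = make_key(2**61 - 1, 2**89 - 1)
CHIP_PUB, CHIP_PRIV = make_key(2**107 - 1, 2**127 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**89 - 1, 2**107 - 1)  # a key the issuer never certified
DATA = {"mrz": "P<UTOEXAMPLE<<SAMPLE", "photo": b"constructed-bytes", "chip_pub": CHIP_PUB}
GENUINE = Chip(DATA, sign(ISSUER_PRIV, encode(DATA)), CHIP_PRIV)
```

With `chip_auth=False` the inspection checks only the signed data, so a chip carrying a byte-for-byte copy of that data is indistinguishable from the original; with it enabled, the copy fails because the private key never leaves the genuine chip.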