Reading NFC Passport Chips in Linux

I always wondered isn't this kind of specification also have digital signature of the passport issuer or something? Otherwise how do other countries can verify it's not a fake one?

I read this article, but seems like any information about it is kind a omited.

The passports contain a digital signature and a DSC (Document Signing Certificate). This DSC is signed by a CSCA certificate which you can download from the ICAO Public Key Directory. Link here: https://pkddownloadsg.icao.int/

Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key. Otherwise you could spoof a passport by just replaying the government signed data.

Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.

Fun fact. The cryptographic system even differs per country.

E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead. Some other countries are still using RSA iirc.

Thanks for details.

Actual validation methods would be actually cool to read about. Since if we ignore legal diffuculties of storing the data then we can actually use passport cryptography as something like actual proof-of-human without pesky 3rd-parties.

but why would passport contain a private key ?

Is it just because the third parties that issue passports aren't pesky?

The public key information is signed by the government and readable.

This enables the passport to prove it's integrity by signing responses with its private key.

> Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key.

That's true for older passports, but there's actually a newer scheme that uses Diffie-Hellman key agreement instead, since non-repudiation, which is hard to avoid with RSA signatures, is considered a non-goal for passports. (Some governments apparently don't want them to be used as a "backdoor e-signing scheme", hence the change to the new repudiable authentication scheme.)

Not on many new passports. Non-repudiable signatures were intentionally defined as a non-goal, and signature functionality is no longer present on newer passports.

To proof-of-human and some UUID you only need valid signature on passport data.

That makes sense. It has been almost a decade ago when I worked on this subject. Do you have examples of countries that do this?

Some countries (like Belgium) this _is_ a goal. They implemented a full PKI in their identity cards.

That only proves that a given human exists and was issued a given passport, not that that passport is actually present. For that you do need active or chip authentication, but only the former yields a signature that third parties can validate.

Even then, authorization is completely missing from the ICAO model – it's for authentication of identity documents only. It's explicitly not intended for "proof of humanity", since that requires authorization too, or it'd be vulnerable to any attacker that can briefly tap your identity document with their phone.

That's one of the reasons why active authentication was deprecated, presumably: Signatures without document owner authorization can be misleading/interpreted as confirming intent, not just document existence.

Some countries indeed also implement an e-signature scheme with their national identity cards (for example Germany), but this is a completely different scheme and accordingly protocol from the ICAO biometric travel document one.

Essentially, these countries run two applications on the document chip: One that lets anyone verify the authenticity of the document, using the ICAO PKI and active or chip authentication, and one that lets the document owner sign data, usually after entering a PIN or password (or anybody holding the document could do so on their behalf).

Other countries decouple e-signatures/remote authentication and electronically verifiable identity documents, e.g. Austria – which now has an ICAO-compatible identity card, but a completely separate e-signature schme based on, and it really pains me to say this... server-side private keys.

To be honest I was thinking more about it more as just measure for anti-spam and limiting bots, but obviously it will only work for certain audiences since in countries like UK like 20-25% of people simply dont hold the passport at all. I can guess in US a lot of people only have driver licenses too.

> I was thinking more about it more as just measure for anti-spam and limiting bots

It won't help with that at all, since without requiring active involvement of some credential or trusted party, all there is is a static signature saying "there's a person called $name born on $dob", but nothing saying "and that person wants to <send an email|register an account|...>".

There is a way to use ICAO documents supporting "Active Authentication" in such a way, and I've seen proofs of concept leveraging it, but it was an unintentional consequence of using RSA signatures for authentication and fixed/removed in newer cards.