←back to thread

Reading NFC Passport Chips in Linux

(shkspr.mobi)
287 points robin_reala | 7 comments | 25 Jun 25 07:33 UTC | HN request time: 0.456s | source | bottom
Show context
SXX ◴[25 Jun 25 11:19 UTC] No.44375970[source]
I always wondered isn't this kind of specification also have digital signature of the passport issuer or something? Otherwise how do other countries can verify it's not a fake one?

I read this article, but seems like any information about it is kind a omited.

replies(2): >>44376059 #>>44376136 #
landgenoot ◴[25 Jun 25 11:42 UTC] No.44376136[source]
Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key. Otherwise you could spoof a passport by just replaying the government signed data.

Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.

Fun fact. The cryptographic system even differs per country.

E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead. Some other countries are still using RSA iirc.

replies(3): >>44376312 #>>44376728 #>>44379711 #
1. SXX ◴[25 Jun 25 12:05 UTC] No.44376312[source]
Thanks for details.

Actual validation methods would be actually cool to read about. Since if we ignore legal diffuculties of storing the data then we can actually use passport cryptography as something like actual proof-of-human without pesky 3rd-parties.

replies(2): >>44378089 #>>44379716 #
2. c22 ◴[25 Jun 25 14:56 UTC] No.44378089[source]
Is it just because the third parties that issue passports aren't pesky?
3. lxgr ◴[25 Jun 25 17:19 UTC] No.44379716[source]
Not on many new passports. Non-repudiable signatures were intentionally defined as a non-goal, and signature functionality is no longer present on newer passports.
replies(1): >>44379898 #
4. SXX ◴[25 Jun 25 17:39 UTC] No.44379898[source]
To proof-of-human and some UUID you only need valid signature on passport data.
replies(1): >>44380305 #
5. lxgr ◴[25 Jun 25 18:16 UTC] No.44380305{3}[source]
That only proves that a given human exists and was issued a given passport, not that that passport is actually present. For that you do need active or chip authentication, but only the former yields a signature that third parties can validate.

Even then, authorization is completely missing from the ICAO model – it's for authentication of identity documents only. It's explicitly not intended for "proof of humanity", since that requires authorization too, or it'd be vulnerable to any attacker that can briefly tap your identity document with their phone.

That's one of the reasons why active authentication was deprecated, presumably: Signatures without document owner authorization can be misleading/interpreted as confirming intent, not just document existence.

replies(1): >>44380366 #
6. SXX ◴[25 Jun 25 18:23 UTC] No.44380366{4}[source]
To be honest I was thinking more about it more as just measure for anti-spam and limiting bots, but obviously it will only work for certain audiences since in countries like UK like 20-25% of people simply dont hold the passport at all. I can guess in US a lot of people only have driver licenses too.
replies(1): >>44380460 #
7. lxgr ◴[25 Jun 25 18:31 UTC] No.44380460{5}[source]
> I was thinking more about it more as just measure for anti-spam and limiting bots

It won't help with that at all, since without requiring active involvement of some credential or trusted party, all there is is a static signature saying "there's a person called $name born on $dob", but nothing saying "and that person wants to <send an email|register an account|...>".

There is a way to use ICAO documents supporting "Active Authentication" in such a way, and I've seen proofs of concept leveraging it, but it was an unintentional consequence of using RSA signatures for authentication and fixed/removed in newer cards.