Reading NFC Passport Chips in Linux

(shkspr.mobi)

287 points robin_reala | 1 comments | 25 Jun 25 07:33 UTC | HN request time: 0.364s | source

Show context

SXX ◴[25 Jun 25 11:19 UTC] No.44375970[source]▶

I always wondered isn't this kind of specification also have digital signature of the passport issuer or something? Otherwise how do other countries can verify it's not a fake one?

I read this article, but seems like any information about it is kind a omited.

replies(2): >>44376059 #>>44376136 #

landgenoot ◴[25 Jun 25 11:42 UTC] No.44376136[source]▶

>>44375970 #

Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key. Otherwise you could spoof a passport by just replaying the government signed data.

Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.

Fun fact. The cryptographic system even differs per country.

E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead. Some other countries are still using RSA iirc.

replies(3): >>44376312 #>>44376728 #>>44379711 #

SXX ◴[25 Jun 25 12:05 UTC] No.44376312[source]▶

>>44376136 #

Thanks for details.

Actual validation methods would be actually cool to read about. Since if we ignore legal diffuculties of storing the data then we can actually use passport cryptography as something like actual proof-of-human without pesky 3rd-parties.

replies(2): >>44378089 #>>44379716 #

1. c22 ◴[25 Jun 25 14:56 UTC] No.44378089[source]▶

>>44376312 #

Is it just because the third parties that issue passports aren't pesky?

↑