←back to thread

Reading NFC Passport Chips in Linux

(shkspr.mobi)
287 points robin_reala | 6 comments | 25 Jun 25 07:33 UTC | HN request time: 0.241s | source | bottom
Show context
wkat4242 ◴[25 Jun 25 10:20 UTC] No.44375589[source]
Many passports also contain digitized fingerprint scans. But those are even harder to access. You need a private key that only governments have.
replies(2): >>44376354 #>>44377674 #
jwr ◴[25 Jun 25 14:23 UTC] No.44377674[source]
> that only governments have

:-)

replies(2): >>44377814 #>>44377820 #
connicpu ◴[25 Jun 25 14:34 UTC] No.44377820[source]
A corrupt government official selling a copy of that key to the highest bidder just sounds like the free market to me /s
replies(3): >>44378535 #>>44379278 #>>44380483 #
1. charcircuit ◴[25 Jun 25 16:42 UTC] No.44379278[source]
Why would they make such an important key be copyable?
replies(2): >>44379843 #>>44380875 #
2. lxgr ◴[25 Jun 25 17:33 UTC] No.44379843[source]
To be useful, that key needs to be present in countless border checkpoint or even police devices, so it's inherently very hard to keep secret.

That's a known trade-off, and I believe some countries accordingly restrict access to their own national authorities (which usually already have access to that data via other means, since they're issuing the document).

replies(1): >>44381275 #
3. hamburglar ◴[25 Jun 25 19:11 UTC] No.44380875[source]
The way computer security people and government officials understand keys and key handling practices is vastly different.
4. Nextgrid ◴[25 Jun 25 19:58 UTC] No.44381275[source]
You wouldn't need the key to be copyable though - it can be an online check - ie. passport sends challenge, terminal sends challenge to government-hosted HSM, HSM sends response.
replies(2): >>44381595 #>>44381859 #
5. lxgr ◴[25 Jun 25 20:37 UTC] No.44381595{3}[source]
Good point, but that's in the end a typical availability/security tradeoff, and I could imagine that at least some verifying authorities would rather err on the side of the former.
6. chrisandchris ◴[25 Jun 25 21:09 UTC] No.44381859{3}[source]
Imagine, there are a lot of borders and pösces where duch control happens where internet is not guaranteed.