Incomplete inferOID #100
Comments
Not sure what you mean by incomplete. The ChipAuthenticationInfo contains the details of what implementation should be used. However, the Object ID for the Public Key only tells us that we are using either DH or ECDSA, so we guess for the rest, and based on the passports I've seen, in these cases they are all 3DES based, so these are the ones I pick (as does JMRTD). However, if there is a more complete way of guessing then I'd really like to know!
I have one remote (not mine) epassport that failed on
Would be interested to know what type it was actually using! If you are able to share the DG14 element and also the nationality of that passport, that may be useful (not sure though). The only issue with trying each one if we are inferring is that it would probably break the secure session - passports tend to abort the session on an error with no warning, which means that you would need to re-establish BAC each time, adding a fair bit of complexity.
I'm able to grab DG14 here.
According to an ICAO protocol specification, it won't harm the state of the secure messaging on failed
From this ICAO spec, isn't epassports with missing
I just tested using JMRTD that looping through each possible oid does not reset the secure messaging, until it finds the correct oid and is able to do a successful
If you want to submit a pull request I'm happy to see if I can get this tested on some of the passports I've found that also have the missing ChipAuthenticationInfo, with a view to implementing it in a future version if all works ok.
@typelogic I'm curious which countries' passports had this problem?
The current implementation of inferOID looks incomplete. The 9303_p11_cons_en.pdf seems to describe the complete listing.
How do we correctly infer the OID when ChipAuthenticationInfo is missing? The JMRTD's inferChipAuthenticationOIDfromPublicKeyOID method is also incomplete.
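
The inference discussed in this thread, as an added example (not code from this project or from JMRTD): the public key OID fixes only DH versus ECDH, so all four Chip Authentication protocol OIDs for that key agreement are candidates, tried with 3DES first as the thread describes. The OID values are the standard id-PK and id-CA identifiers listed in ICAO Doc 9303 part 11; the function names and the `try_chip_auth` callback are hypothetical, and how a failed attempt affects the secure session is left to that callback.

```python
# Added example. OIDs per ICAO Doc 9303 part 11; all function names are hypothetical.
ID_PK_DH = "0.4.0.127.0.7.2.2.1.1"
ID_PK_ECDH = "0.4.0.127.0.7.2.2.1.2"
ID_CA = "0.4.0.127.0.7.2.2.3"

# Last arc under id-CA-DH (...3.1) or id-CA-ECDH (...3.2) -> (cipher, key bits)
CA_VARIANTS = {
    1: ("3DES-CBC-CBC", 112),
    2: ("AES-CBC-CMAC", 128),
    3: ("AES-CBC-CMAC", 192),
    4: ("AES-CBC-CMAC", 256),
}
# Public key OID -> (key agreement, arc under id-CA)
KEY_AGREEMENT = {ID_PK_DH: ("DH", 1), ID_PK_ECDH: ("ECDH", 2)}


def candidate_ca_oids(public_key_oid):
    """List every CA protocol OID compatible with the key's OID, 3DES first."""
    if public_key_oid not in KEY_AGREEMENT:
        raise ValueError(f"not a Chip Authentication key OID: {public_key_oid}")
    agreement, arc = KEY_AGREEMENT[public_key_oid]
    return [
        {"oid": f"{ID_CA}.{arc}.{n}", "agreement": agreement,
         "cipher": cipher, "key_bits": bits}
        for n, (cipher, bits) in sorted(CA_VARIANTS.items())
    ]


def infer_ca_oid(public_key_oid, try_chip_auth):
    """Try candidates in order until try_chip_auth(candidate) returns True.

    try_chip_auth is supplied by the caller (assumption): it runs one Chip
    Authentication attempt and restores the session first if the chip needs it.
    Returns (accepted_oid_or_None, list_of_rejected_oids).
    """
    rejected = []
    for candidate in candidate_ca_oids(public_key_oid):
        if try_chip_auth(candidate):
            return candidate["oid"], rejected
        rejected.append(candidate["oid"])
    return None, rejected
```

Returning the rejected OIDs alongside the accepted one makes it possible to log which guesses a given passport refused.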