-
Notifications
You must be signed in to change notification settings - Fork 705
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How can I read more data in the application like dgxx with npa-tool #2253
Comments
URT uses EAC version 1. In OpenSC, we are only using EAC version 2 to support the German ID card. Please note that in OpenSC we don't support passports, because they typically don't have a X.509 certificate with private key. If I'm not mistaken, CAv1 is optional when reading a MRTD; running PACE should be everything that's needed for reading the data groups. Additionally, you need to select the eMRTD application instead of eID, which is currently used: diff --git a/src/tools/npa-tool.c b/src/tools/npa-tool.c
index 65ab73a0..cb80e2f0 100644
--- a/src/tools/npa-tool.c
+++ b/src/tools/npa-tool.c
@@ -728,6 +728,14 @@ nopace:
if (r < 0)
goto err;
printf("Selected eID application.\n");
+ } else {
+ unsigned char emrtd_aid[] = { 0xA0, 0x00, 0x00, 0x02, 0x47, 0x10, 0x01};
+
+ sc_path_set(&path, SC_PATH_TYPE_DF_NAME, emrtd_aid, sizeof emrtd_aid, 0, 0);
+ r = sc_select_file(card, &path, NULL);
+ if (r < 0)
+ goto err;
+ printf("Selected eMRTD application.\n");
}
if (cmdline.read_dg1_flag) Now, you could try:
|
I add the code and run like "npa-tool --can=123456 --read-dg14" and it tips "Could not read DG 14 DG 14 (EF offset too large)". |
If I want to select the eID application, what are the cv_certificate and the private_key and how or where can I get them? As I do not know how to use the param about (TA) and (CA), like |
I've found some more corner cases. please try #2257 |
The eMRTD application is meant only for governmental use, and not typically used by private individuals. In some states, it is even forbidden by law for individuals to read it. If you are allowed to, you can get terminal certificates from your government. |
Adds the new options --application and --read-all-dgs fixes OpenSC#2253
Problem Description
I do not know how to read more data and how to set args about TA/CA using npa-tool file.
Proposed Resolution
Steps to reproduce
In the windows, I use the URT tool with the reader Feitian R805 and the card Spanish eID which are used in Ubuntu to nap-tool.
I can get some info from PACE to CA.
I only need to choose the PIN and the alg in the process.
But How can I get the same info in Ubuntu, can you give me some sample about the arg, e.g. "-C" and "-A", "-P".
The text was updated successfully, but these errors were encountered: