How can I read more data in the application like dgxx with npa-tool #2253

Open
AKing23T opened this issue Mar 8, 2021 · 5 comments

AKing23T commented Mar 8, 2021

Problem Description

I do not know how to read more data and how to set the args for TA/CA using the npa-tool file.

Proposed Resolution

Steps to reproduce

On Windows, I use the URT tool with the Feitian R805 reader and the Spanish eID card, which are also used in Ubuntu with npa-tool.
I can get some info from PACE to CA.
I only need to choose the PIN and the alg in the process.
But how can I get the same info in Ubuntu? Can you give me some samples of the args, e.g. "-C", "-A" and "-P"?


@frankmorgner
Member

URT uses EAC version 1. In OpenSC, we are only using EAC version 2 to support the German ID card. Please note that in OpenSC we don't support passports, because they typically don't have an X.509 certificate with private key.

If I'm not mistaken, CAv1 is optional when reading an MRTD; running PACE should be everything that's needed for reading the data groups. Additionally, you need to select the eMRTD application instead of eID, which is currently used:

diff --git a/src/tools/npa-tool.c b/src/tools/npa-tool.c
index 65ab73a0..cb80e2f0 100644
--- a/src/tools/npa-tool.c
+++ b/src/tools/npa-tool.c
@@ -728,6 +728,14 @@ nopace:
                        if (r < 0)
                                goto err;
                        printf("Selected eID application.\n");
+               } else {
+                       unsigned char emrtd_aid[] = { 0xA0, 0x00, 0x00, 0x02, 0x47, 0x10, 0x01};
+
+                       sc_path_set(&path, SC_PATH_TYPE_DF_NAME, emrtd_aid, sizeof emrtd_aid, 0, 0);
+                       r = sc_select_file(card, &path, NULL);
+                       if (r < 0)
+                               goto err;
+                       printf("Selected eMRTD application.\n");
                }
 
                if (cmdline.read_dg1_flag)
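
Review bot: The new else branch selects the eMRTD application implicitly whenever the eID branch is not taken, so a card without that application now jumps to err at a point where the code previously just continued. Consider making the application choice an explicit command-line option, and print which application failed to select before `goto err` so the user can tell this failure from a PACE or read error. Minor points: `emrtd_aid` is never modified in the hunk and could be declared `static const`, and `0x01}` is missing the space before the closing brace that the opening brace has.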

Now, you could try:

npa-tool --can=123456 --read-dg14

@AKing23T
Author

I added the code and ran "npa-tool --can=123456 --read-dg14", and it reports "Could not read DG 14 DG 14 (EF offset too large)".
I doubt whether the memory is enough. The problem exists when reading datagroup2.

tw-z-opensc-debug.log

@AKing23T
Author

If I want to select the eID application, what are the cv_certificate and the private_key and how or where can I get them?

I do not know how to use the params for (TA) and (CA), like
--cv-certificate, --cert-desc, --chat, --auxiliary-data, --private-key, --cvc-dir, --x509-dir

frankmorgner added a commit to frankmorgner/OpenSC that referenced this issue Mar 10, 2021
@frankmorgner
Member

I've found some more corner cases. Please try #2257

@frankmorgner
Member

The eMRTD application is meant only for governmental use, and not typically used by private individuals. In some states, it is even forbidden by law for individuals to read it. If you are allowed to, you can get terminal certificates from your government.

frankmorgner added a commit to frankmorgner/OpenSC that referenced this issue Dec 12, 2021
Adds the new options --application and --read-all-dgs

fixes OpenSC#2253