Estonian eID (EstEID)

Viktor Tarasov edited this page Dec 11, 2012 · 3 revisions
Clone this wiki locally

Estonian eID (EstEID)

OpenSC is part of the official software for the Estonian eID card for non-CryptoAPI platforms as well as PKCS#11 provider on all three supported platforms: Windows, Mac OS X, Linux/BSD/*nix. The source code used for the official software comes unmodified from OpenSC SourceCode repository. The card is without PKCS#15 structures (as the card layout was created before PKCS#15 existed) and is read-only synthesized card from OpenSC perspective.

From the public administration point of view the card has been procured by the Ministry of Interior, is issued by Police and Border Guard Board, is manufactured by Trüb and software has been procured by Ministry of Economic Affairs and Communications, the current actual contractor being AS Sertifitseerimiskeskus.

Resources:

Card capabilities

Estonian eID card is based on MICARDO card driver or a MULTOS application (“Digi-ID”) or JavaCard applet (“year 2011 new ID card”) mimicking Micardo. There is a “card tutorial” (in Estonian) available with APDU excerpts from the original MICARDO manual, which covers v1.0 cards. Version 1.1 and 3.0 cards don’t have such manuals.

This is what is present on the version 1.0 card (Isikutuvastus = authentication, Allkirjastamine = non-repudiation digital signature):

martin$ pkcs15-tool -D
Using reader with a card: SCM SPR 532 00 00
PKCS#15 Card [MARTIN PALJAK]:
	Version        : 2
	Serial number  : A1528610
	Manufacturer ID: AS Sertifitseerimiskeskus
	Flags          : Read-only, PRN generation, EID compliant

PIN [PIN1]
Com. Flags: 0×0
ID : 01
Flags : [0×00]
Length : min_len:4, max_len:12, stored_len:12
Pad char : 0×00
Reference : 1
Type : ascii-numeric
Path :
Tries left: 3

PIN [PIN2]
Com. Flags: 0×0
ID : 02
Flags : [0×00]
Length : min_len:5, max_len:12, stored_len:12
Pad char : 0×00
Reference : 2
Type : ascii-numeric
Path :
Tries left: 3

PIN [PUK]
Com. Flags: 0×40
ID : 03
Flags : [0×40], unblockingPin
Length : min_len:8, max_len:12, stored_len:12
Pad char : 0×00
Reference : 0
Type : ascii-numeric
Path :
Tries left: 3

Private RSA Key [Isikutuvastus]
Com. Flags : 1
User consent: no
Usage : [0×3F], encrypt, decrypt, sign, signRecover, wrap, unwrap
Access Flags: [0×1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 1
Native : yes
Path :
Auth ID : 01
ID : 01

Private RSA Key [Allkirjastamine]
Com. Flags : 1
User consent: yes
Usage : [0×200], nonRepudiation
Access Flags: [0×1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 2
Native : yes
Path :
Auth ID : 02
ID : 02

X.509 Certificate [Isikutuvastus]
Flags : 0
Authority: no
Path : 3f00eeeeaace
ID : 01

X.509 Certificate [Allkirjastamine]
Flags : 0
Authority: no
Path : 3f00eeeeddce
ID : 02

Known ATR-s

Supported algorithms

  • Versions 1.0 and 1.1 support PKCS1 padding and SHA1 hashes with 1024bit RSA keys.
  • Version 3.0 suports PKCS1 padding and SHA1, SHA-224 (not used as PKCS#11 does not support SHA-224 in v2.20) and SHA-256 hashes with 2048bit RSA keys

Known issues and incompatibilities

  • Application selection, ATR and other generic issues not directly from EstEID application.
  • 1.1 card answers with 0×9000 to any AID selection, even if the application is not present on the card. This causes problems for software that detects cards by trying to select the AID of the expected application (CAC Tokend on Mac OS X, built-in PIV MiniDriver in Windows 7). Additionally, after a “wrong application” is selected, the v1.1 card replies with 0×6A83 “Record not found” to all further commands, including commands that try to select the correct application. The only way to recover is to reset the card.
  • 1.1 card has “mixed up” ATR-s: the warm ATR of the card is identical to a version 1.0 cold ATR whereas the warm ATR is a short one. Also, protocol information differs between cards (cold ATR does not claim claim T=1 support, warm ATR does)
  • First 46 issued version 3.0 cards had several problems (missing EstEID application) and were recalled (source)
  • Version 3.0 cards have the same problem as version 1.1 cards: they happily answer with 0×9000 to all AID selection APDU-s (similar to v1.1 cards, without the “Record not found” extra feature)
  • In Windows 7, version 1.1 and 3.0 cards get auto-detected as “NIST SP 800-73 ![PIV]” cards (screenshot), because they happily respond with 0×9000 (OK) to any AID selection commands.
  • Application issues
  • Version 3.0 cards react to undocumented APDU-s. For example, once the CAC.tokend on Mac OS X has got hold of the card (after it answers with 0×9000 to the CAC Applet selection) it tries to probe the status of CHV0 by issuing 80:20:00:00 APDU (ISO VERIFY with a proprietary CLA byte) to the card. Version 1.0 and 1.1 cards reject this APDU (either “Wrong CLA” or “Incorrect length”) but version 3.0 card decreases the PIN counter and answers with “incorrect reference data” (0×6984), which causes the built-in CAC.tokend to re-try the CAC AID selection (which succeeds) and repeat the CHV0 status request (fails) until the PIN with reference 0 (PUK for EstEID cards) gets blocked.
  • Version 3.0 cards decrease the PIN counter and respond with 0×6984 to incorrect input PIN lengths, which version 1 card responds with 0×6A80 (“incorrect data in command field”) and Version 1.1 card correctly responds with 0×63CX and decrease the retry counter.
  • Version 3.0 cards respond with 0×630X for failing PIN verifications instead of 0×63CX like other cards (and ISO standard). This breaks most standard software.
  • Version 1.0 and 1.1 cards require any new PIN (when changing or unblocking a PIN code) to be different from the on-card PIN. This is not the case with v3.0 cards.
  • Version 3.0 cards respond with a double 0×62 FCI tag to a SELECT FILE, which causes problems for parsing the response. This breaks tag parsing.
  • Version 1.1 and 3.0 cards respond to key operations (like INTERNAL AUTHENTICATE) if the required PIN has not been verified with 0×6985 “Conditions of use not satisfied” instead of 0×6982 “Security status not satisfied”. This breaks standard PIN caching code.
  • Version 3.0 cards have the personal data file (3F00/EEEE/5004) records padded with spaces. Version 1.0 cards have the records with the exact length.