Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid passport on recently issued valid passport #19

Open
akeilox opened this issue Jun 10, 2020 · 11 comments
Open

Invalid passport on recently issued valid passport #19

akeilox opened this issue Jun 10, 2020 · 11 comments

Comments

@akeilox
Copy link

akeilox commented Jun 10, 2020

50FFBCA6-4BF0-4145-8679-6C28E4A0F341

When a January 2020 issued valid passport scanned it shows Invalid passport.
Running the latest version and it scans other passport issued before just fine.

What It could be missing ?
@jllarraz
Copy link
Owner

jllarraz commented Jun 10, 2020 via email

@akeilox
Copy link
Author

akeilox commented Jun 14, 2020

I am using the latest version with the NFC timeout increase already in place.
And I am not doing the CSCA verification either.

I can get the picture and details of the passport just fine. But it shows Invalid passport strangely when its just a brand new (january 2020 issue) valid passport.

To clarify I dont get Invalid for other passports of same country from previous issues or others.

What could be the issue in this case ?

@akeilox
Copy link
Author

akeilox commented Aug 19, 2020

@jllarraz is there something else I can check for this Invalid passport message on 2020 issued passports?
Like I mentioned above, picture and details read fine but the Invalid/Red marking shows up.

@RomainL972
Copy link

RomainL972 commented Oct 12, 2020
edited
Loading

Hello @akeilox,
By any chance is your passport from France or maybe another European country? Because I have the same problem with my passport issued in December 2019

@akeilox
Copy link
Author

akeilox commented Oct 12, 2020
edited
Loading

Hi @RomainL972 its not an European passport, but Asian the ones i have tested.
All of the ones I have tested with this Chip Invalid sign showing are the December 2019 to 2020 newly issued passports. It is consistent that when I check another newly issued passport (march 2020) it too gives the same Chip invalid but it reads the picture and details fine.
Does it read the details and picture fine for your case ?

If yes then its a common global issue, and not a european or asian thing.

@jllarraz
Copy link
Owner

The picture is stored in another datagram, so is the basic information. Interesting if they have changed the specification, would like to know which is the new one

@RomainL972
Copy link

Yes I'm able to read the details and picture, and the chip authentication only works if I explicitly set the encryption algorithm, which I shouldn't have to do as it may not be compatible with all passports

@akeilox
Copy link
Author

akeilox commented Oct 12, 2020

I think we may have something in common with the France and Singapore, in the sense both countries biometric passports are done by the same French company Thales Group www.thalesgroup.com

But looking at their website, they have also done many other country passports too in Europe or Asia, and must have complied with ICAO

@akeilox
Copy link
Author

akeilox commented Oct 12, 2020

This page kinda gives a trail of which countries they have done recently;

https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/customer-cases

What do you think might have changed / updated ?

@akeilox
Copy link
Author

akeilox commented Oct 12, 2020

Some of the articles show company name Gemalto in the link above, which was acquired by Thales Group. US, UK etc. most prominent ones seems to be made by them.

@jllarraz
Copy link
Owner

According to the Documentation
Security Infos for Active Authentication If ECDSA based signature algorithm is used for Active Authentication by the eMRTD chip, the SecurityInfos MUST contain the following SecurityInfo entry: • ActiveAuthenticationInfo Security Infos for Chip Authentication To indicate support for Chip Authentication SecurityInfos may contain the following entries: • At least one ChipAuthenticationInfo and the corresponding ChipAuthenticationPublicKeyInfo using explicit domain parameters MUST be present. Security Infos for Other Protocols SecurityInfos may contain additional entries indicating support for other protocols. The inspection system may discard any unknown entry.

So unless that they are no longer using a ECDSA algorithm, they should be adding the ChipAuthenticationInfo. As I don't have access to any recently issued passport I am afraid that I can't help you with this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@akeilox @jllarraz @RomainL972