2018 Estonian ID-card and NFC
- NO specs whatsoever in TD-ID1-Chip-App v0.8, except a slight hint:
  id-PACE-Nist-P256 AES-CBC-CMAC-256: "To exchange APDU in Contactless with PKI application in a secure channel. No applicative privileges are granted" on page 12 in the "IFD (Interface Device)" section.
- Incorrect claim on page 14 regarding EF.CardAccess:
  PACEDomainParameterInfo: BRAINPOOL_P384_R1 (BrainpoolP384r1)
  - actual curve used is P256
- ISO 14443-A with random 4 byte UID
- PACE with id-PACE-ECDH-GM-AES-CBC-CMAC-256 with CAN (6 digit number printed on card)
- TR 03110-3 defines it: https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html
- All PKI doable over NFC after CAN authentication with PACE
- 6 digit number on the lower front right corner, printed in OCR-B font
- Not possible to change!
VALEDAATOR WILL BE BACK
- check balance and top up public transport cards
- read data from eID card
- Java SDK for working with eID cards
Leaving the card on a powered NFC reader overnight can have disastrous consequences. This is what the ATR of the card looks like on the contact interface:
[*] [ ] ACS ACR 38U-CCID 01 00 3B0FD8D8D8D8D8D8D8D8D8D8D8D8D8D8D8
versus a working card:
[*] [ ] ACS ACR 38U-CCID 01 00 3BDB960080B1FE451F830012233F536549440F9000F1
In other words, the card is fried/bricked/useless. Whether leaving it in the powered RF field is to blame is unverified (verifying would mean trying to brick another card).
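The two ATRs above can be decoded per ISO/IEC 7816-3 to show what separates the working card from the dead one. This is an added example, not part of the original notes; the function and constant names are my own, and only the two ATR strings come from the reader listings.

```python
# ATR strings copied from the reader listings on this page.
WORKING_ATR = "3BDB960080B1FE451F830012233F536549440F9000F1"
DEAD_ATR = "3B0FD8D8D8D8D8D8D8D8D8D8D8D8D8D8D8"

def parse_atr(hex_atr):
    """Split an ISO/IEC 7816-3 ATR into interface bytes, historical bytes, TCK status."""
    data = bytes.fromhex(hex_atr)
    if len(data) < 2 or data[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 3B (direct) or 3F (inverse convention)")
    y, k = data[1] >> 4, data[1] & 0x0F   # T0: Y1 bitmap, K = historical byte count
    pos, level = 2, 1
    interface, protocols = {}, set()
    while True:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(data):
                    raise ValueError("ATR truncated inside interface bytes")
                interface[f"{name}{level}"] = data[pos]
                td = data[pos] if name == "TD" else td
                pos += 1
        if td is None:                    # no TDi means no further interface bytes
            break
        y = td >> 4                       # bitmap for the next group
        protocols.add(td & 0x0F)          # protocol T announced by this TDi
        level += 1
    historical = data[pos:pos + k]
    pos += len(historical)
    tck_ok = None                         # TCK is absent when only T=0 is offered
    if protocols - {0}:
        if pos >= len(data):
            raise ValueError("TCK announced but missing")
        xor = 0
        for b in data[1:pos + 1]:         # XOR of T0..TCK must be zero
            xor ^= b
        tck_ok = xor == 0
    return {"interface": interface, "protocols": sorted(protocols),
            "historical": historical, "tck_ok": tck_ok}

def printable(raw):
    """Render bytes as ASCII, replacing non-printable values with '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in raw)

if __name__ == "__main__":
    for label, atr in (("working", WORKING_ATR), ("dead", DEAD_ATR)):
        p = parse_atr(atr)
        iface = {n: f"{v:02X}" for n, v in p["interface"].items()}
        print(label, iface, "T=", p["protocols"],
              "hist:", p["historical"].hex().upper(), repr(printable(p["historical"])),
              "TCK ok:", p["tck_ok"])
```

The working card announces T=0, T=1 and T=15, carries the ASCII string "SeID" in its historical bytes and has a valid TCK. The dead card's T0 of 0F declares no interface bytes at all, and every historical byte is the same filler value D8.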