
can this tool support certificate generation for the card/ePassport? #6

Open
rathorearvind19 opened this issue Jul 12, 2023 · 1 comment

Comments

@rathorearvind19

See subject line.
Seems like the certificates that are generated are meant to be used in the terminal authentication protocol to authenticate the inspection system accessing data from a card. What changes will be required to generate certificates for the card itself which are verified by the inspection system to authenticate the card?

@polhenarejos
Owner

Sure. pycvc can be used to generate CVC.

If you need to reformat your certificates from a cryptographic card, you must first convert them to .PEM format and then convert that to CVC. However, note that the certificate must be signed by a private key, probably located inside your card. If your card allows signatures, you must pass the SHA256 hash of your certificate body to your card and obtain the signature. Finally, you have to embed your CV body and the signature into the CVC container.

To generate a certificate:

ASN1().add_tag(0x7f21, self.body(pubkey, scheme, car, chr, role, days, since, extensions, req or chr==car).sign(signkey, signscheme).encode()).encode()

Instead of doing this in a single step, split it in two:

from hashlib import sha256
from cvc.asn1 import ASN1          # imports follow pycvc's package layout
from cvc.certificates import CVC
from cvc import oid

scheme = oid.ID_TA_ECDSA_SHA_256
# pubkey is an instance of cryptography's EllipticCurvePublicKey:
# https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
body = CVC().body(pubkey, scheme, car, chr, role, days, since, extensions, req or chr==car).encode()
digest = sha256(body).digest()  # hash of the encoded body (tag 0x7f4e) is what the card signs
signature = call_your_card(digest, ECDSA_SHA_256)  # Adapt it to your card protocol; the CVC expects the plain r||s signature, not DER
cert = ASN1().add_tag(0x7f21, body + ASN1().add_tag(0x5f37, signature).encode()).encode()
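The two-step flow described in the comment (encode the body, hash it, obtain the signature from an external signer, wrap body and signature in the 0x7f21 container) and the matching inspection-system step (unwrap the container and recompute the digest to verify) are shown below as an added, stand-alone example. It is not pycvc's code: it uses only the Python standard library, carries its own minimal BER-TLV encoder/parser instead of pycvc's ASN1 class, converts a DER ECDSA signature to the fixed-width r||s form that TR-03110 uses inside tag 0x5f37, and assumes a 32-byte field (P-256). The body holds only a profile identifier, CAR and CHR with constructed values (a real body also carries the public key, CHAT and validity dates), and the signer is a deterministic stand-in for the card's signing command, not real ECDSA.

```python
"""Added example (not part of pycvc): build and parse a CV certificate container
around an externally produced signature, using only the standard library."""
from hashlib import sha256

TAG_CV_CERTIFICATE = 0x7F21   # CVC container (tag used in the comment above)
TAG_CERTIFICATE_BODY = 0x7F4E # encoded body that gets hashed and signed
TAG_SIGNATURE = 0x5F37        # plain-format signature r||s


def encode_tag(tag):
    return tag.to_bytes((tag.bit_length() + 7) // 8, "big")


def encode_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_tlv(tag, value):
    return encode_tag(tag) + encode_length(len(value)) + value


def parse_tlv(data):
    """Return a list of (tag, value) for the concatenated BER-TLVs in data."""
    items, i = [], 0
    while i < len(data):
        tag = data[i]; i += 1
        if tag & 0x1F == 0x1F:            # multi-byte tag (0x7f21, 0x5f37, ...)
            while True:
                b = data[i]; i += 1
                tag = (tag << 8) | b
                if not b & 0x80:
                    break
        length = data[i]; i += 1
        if length & 0x80:                 # long-form length
            nbytes = length & 0x7F
            length = int.from_bytes(data[i:i + nbytes], "big"); i += nbytes
        items.append((tag, data[i:i + length])); i += length
    return items


def der_to_plain(der_sig, field_len):
    """Convert DER SEQUENCE{INTEGER r, INTEGER s} to fixed-width r||s.
    Cards and crypto libraries often hand back DER; the CVC needs plain."""
    items = parse_tlv(der_sig)
    if len(items) != 1 or items[0][0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    (rt, r), (st, s) = parse_tlv(items[0][1])
    if rt != 0x02 or st != 0x02:
        raise ValueError("expected two INTEGERs")
    # int conversion strips the DER 0x00 padding byte; to_bytes left-pads to field_len
    return (int.from_bytes(r, "big").to_bytes(field_len, "big")
            + int.from_bytes(s, "big").to_bytes(field_len, "big"))


def build_cvc(body, sign_digest, field_len):
    """Issuer side: hash the encoded body, let the external signer sign the
    digest, then wrap body + 0x5f37 signature in the 0x7f21 container."""
    digest = sha256(body).digest()
    plain_sig = der_to_plain(sign_digest(digest), field_len)
    return encode_tlv(TAG_CV_CERTIFICATE, body + encode_tlv(TAG_SIGNATURE, plain_sig))


def split_cvc(cvc):
    """Inspection-system side: recover the body, the signature and the digest
    that must be verified against the issuer's (CVCA/DV) public key."""
    items = parse_tlv(cvc)
    if len(items) != 1 or items[0][0] != TAG_CV_CERTIFICATE:
        raise ValueError("not a CV certificate")
    inner = parse_tlv(items[0][1])
    body = b"".join(encode_tlv(t, v) for t, v in inner if t == TAG_CERTIFICATE_BODY)
    sig = next(v for t, v in inner if t == TAG_SIGNATURE)
    return body, sig, sha256(body).digest()


def der_int(n):
    b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:                       # DER: keep the INTEGER positive
        b = b"\x00" + b
    return encode_tlv(0x02, b)


def demo_signer(digest):
    """Stand-in for the card's signing command (hypothetical, deterministic):
    derives r and s from the digest so the example runs offline. Not ECDSA."""
    r = int.from_bytes(digest[:16], "big")
    s = int.from_bytes(digest[16:], "big")
    return encode_tlv(0x30, der_int(r) + der_int(s))


# Constructed minimal body: profile identifier, CAR and CHR only.
SAMPLE_BODY = encode_tlv(TAG_CERTIFICATE_BODY,
                         encode_tlv(0x5F29, b"\x00")
                         + encode_tlv(0x42, b"DETESTCVCA00001")
                         + encode_tlv(0x5F20, b"DETESTCARD00001"))

if __name__ == "__main__":
    cvc = build_cvc(SAMPLE_BODY, demo_signer, 32)
    body, sig, digest = split_cvc(cvc)
    print(cvc.hex())
    print("body intact:", body == SAMPLE_BODY, "sig bytes:", len(sig))
```

To use it against a real card, replace `demo_signer` with a function that sends the 32-byte digest to the card and returns its signature; if the card already returns plain r||s, skip `der_to_plain` and pass the bytes straight to `encode_tlv(TAG_SIGNATURE, ...)`. The digest that `split_cvc` returns is exactly the value the inspection system verifies with the issuer's public key.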
