android - How to implement passive authentication in smart card reader?


I found in ICAO 9303-11, section 5.1, that the inspection system performs the following steps:

  1. The inspection system shall read the Document Security Object (SO_D) (which must contain the Document Signer Certificate (C_DS), see Doc 9303-10) from the contactless IC.

  2. The inspection system shall build and validate a certification path from a trust anchor to the Document Signer Certificate used to sign the Document Security Object (SO_D) according to Doc 9303-12.

  3. The inspection system shall use the verified Document Signer Public Key (KPu_DS) to verify the signature of the Document Security Object (SO_D).
  4. The inspection system may read relevant data groups from the contactless IC.
  5. The inspection system shall ensure that the contents of the data group are authentic and unchanged by hashing the contents and comparing the result with the corresponding hash value in the Document Security Object (SO_D).

I'm stuck on step 2, the certificate path: how do I build and validate a certification path from a trust anchor to the Document Signer Certificate?
Can anyone help me out?

A certificate path or chain is a sequence of public keys, each one used to verify the correctness of the following.

The first key in the chain, the Country Signing CA key stored in the passport during production, has to be available.

Roughly sketched, the process is:

  • Select the root.
  • Follow the certificate chain of the passport itself, i.e. verify the signature of the certificate and, in the positive case, extract the contained public key for the next step.
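
Step 2 as an added example, not code from the original post: it uses the standard `java.security.cert` PKIX validator to check the path from the trust anchor to the Document Signer certificate and returns the verified key needed for step 3. It assumes the inspection system already holds the issuing State's CSCA certificate as its trust anchor and has already extracted the Document Signer certificate from the SO_D; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class DocumentSignerPathCheck {

    // Parses one DER- or PEM-encoded X.509 certificate.
    static X509Certificate parse(byte[] encoded) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
    }

    // Step 2: validate the path CSCA (trust anchor) -> Document Signer.
    // Returns the verified DS public key for step 3; throws
    // CertPathValidatorException if the path does not validate.
    static PublicKey verifiedDsKey(X509Certificate csca, X509Certificate ds) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // The path lists the certificates below the anchor; here only the DS.
        CertPath path = cf.generateCertPath(Collections.singletonList(ds));
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(csca, null)));
        // Assumption for this sketch: no CRL is supplied, so revocation
        // checking is switched off. Supply the CSCA's CRL to enable it.
        params.setRevocationEnabled(false);
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);
        return result.getPublicKey();
    }

    // Usage: java DocumentSignerPathCheck <csca-cert-file> <ds-cert-file>
    public static void main(String[] args) throws Exception {
        X509Certificate csca = parse(Files.readAllBytes(Paths.get(args[0])));
        X509Certificate ds = parse(Files.readAllBytes(Paths.get(args[1])));
        PublicKey key = verifiedDsKey(csca, ds);
        System.out.println("Path valid; DS key algorithm: " + key.getAlgorithm());
    }
}
```

Only the key returned by a successful validation should be used to verify the SO_D signature; a key taken from an unvalidated Document Signer certificate proves nothing about the document's origin.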
