android - How to implement passive authentication in smart card reader?
I found this in ICAO 9303_11 5.1: the inspection system performs the following steps:
- The inspection system shall read the Document Security Object (SOD) (which must contain the Document Signer Certificate (CDS), see Doc 9303-10) from the contactless IC.
- The inspection system shall build and validate a certification path from a trust anchor to the Document Signer Certificate used to sign the Document Security Object (SOD) according to Doc 9303-12.
- The inspection system shall use the verified Document Signer Public Key (KPuDS) to verify the signature of the Document Security Object (SOD).
- The inspection system may read relevant Data Groups from the contactless IC.
- The inspection system shall ensure that the contents of the Data Group are authentic and unchanged by hashing the contents and comparing the result with the corresponding hash value in the Document Security Object (SOD).

I'm stuck on step 2, the certificate path: how do I build and validate a certification path from a trust anchor to the Document Signer Certificate?
Can anyone help me out?
A certificate path or chain is a sequence of public keys, each one used to verify the correctness of the following.
The first key in the chain, the country signing CA key stored in the passport during production, has to be available.
The roughly sketched process is:
- select the root
- follow the certificate chain of the passport itself, i.e. verify the signature of a certificate and, in the positive case, extract the contained public key for the next step.
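
As an added example (not code from the original post or from ICAO), step 2 can be done on Android or any JVM with the platform's standard PKIX validator. The class name `DocumentSignerPath` and the two file arguments are assumptions of this sketch: the CSCA certificate is assumed to come from a source the inspection system already trusts, and the DS certificate is assumed to have been extracted from the SOD beforehand.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.*;
import java.util.Collections;

public class DocumentSignerPath {

    /** Loads one DER- or PEM-encoded X.509 certificate from a file. */
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    /**
     * Validates the path trust anchor (CSCA) -> Document Signer certificate and
     * returns the verified DS public key; throws CertPathValidatorException
     * if the signature, validity period or constraints do not check out.
     */
    static PublicKey validate(X509Certificate csca, X509Certificate ds) throws Exception {
        // Assumption: the CSCA certificate was obtained from a source the
        // inspection system already trusts. It is the root selected first.
        TrustAnchor anchor = new TrustAnchor(csca, null);

        // The path lists the certificates below the anchor; here only the DS cert.
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(ds));

        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        // Assumption of this example: no CRL is supplied, so revocation checking
        // is switched off. Supply the issuer's CRL and enable it in a real reader.
        params.setRevocationEnabled(false);

        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);
        return result.getPublicKey(); // the key to use for the SOD signature check
    }

    public static void main(String[] args) throws Exception {
        // args[0]: CSCA certificate file, args[1]: DS certificate file
        PublicKey dsKey = validate(load(args[0]), load(args[1]));
        System.out.println("DS certificate chains to the trust anchor: " + dsKey.getAlgorithm());
    }
}
```

The returned key is the verified Document Signer public key that step 3 uses to check the SOD signature; a key taken from an unvalidated DS certificate must not be used for that step.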