top | item 44375469

(no title)

remcob | 8 months ago

Besides the data being signed as already mentioned, the protocol is interactive and custom to passport documents. So you can’t just put it on any programmable NFC tag. I also doubt you can buy programmable ones implementing the passport protocols. But maybe you can find general purpose programmable ones you can implement the protocol on.

There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.

discuss

lxgr|8 months ago

You can definitely run the protocol on a programmable smartcard (see for example https://jmrtd.org/), but without the required PKI certificates, nobody would accept your home-made passport.

crowbahr|8 months ago

Yeah but since the USA doesn't sign on to anything above basic auth (MRZ unlock) everyone also has to work on the more basic level. Kinda unfortunate.