This project aims at an open implementation of the Password Authenticated Connection Establishment (PACE), Terminal Authentication (TA) and Chip Authentication (CA) as parts of the Extended Access Control (EAC) for Machine Readable Travel Documents (see BSI TR-03110). OpenPACE extends OpenSSL with PACE, TA, CA and with operations for the related Card Cerifiable (CV) certificates.
- Successfully tested with the German electronic identity card (nPA)
- PACE key agreement implemented independant from a smart card context
- Includes structures and methods for parsing CV certificates
- Internal structures can be initialized using a given EF.CardAccess
- Offers functionality to encrypt, decryt, authenticate and pad the data of the established Secure Messaging (SM) channel
- Supports all versions of BSI TR-03110
- Supports integrated and generic mapping of ECDH and DH
- Supports all standardized domain parameters
- Supports AES with CMAC and 3DES with retail MAC
Be the first to post a review of OpenPACE!