JMRTD: Machine Readable Travel Documents / Bugs / #60 PACE works sometimes and sometimes not on same document

#60 PACE works sometimes and sometimes not on same document

Milestone: v1.0_(example)

Status: open

Owner: Martijn Oostdijk

Labels: PACE (1) GENERAL AUTHENTICATE (1) PACE fails (1)

Priority: 1

Updated: 2021-07-19

Created: 2021-06-17

Creator: Anonymous

Private: No

On German travel document (Version 13 the newest one) we face an issue with PACE. Sometimes it works sometimes not (test always with the same document and same phones HUAWEI P30 pro and Google Pixel on both same behavior) ).
In cases it fails the GENERAL AUTHENTICATE command returns with 0x63 0x00. We checkted firs if MRZ was read correctly and this always the case.

Protocol:
-----> Open Passport Service
-----> Read Card Access
----> sendSelectFile()
---> sendSelectFile()
command apdu: 00A4020C02011C
response apdu: 9000
----> sendReadBinary()
---> sendReadBinary()
command apdu: 00B0000008
response apdu: 31143012060A04009000
----> sendReadBinary()
---> sendReadBinary()
command apdu: 00B000080E
response apdu: 7F0007020204020202010202010D9000
-----> doPACE()
----> doPACE()
---> sendMSESetATMutualAuth() MSE AT APDU for PACE (ICAO TR-SAC-1.01, Section 3.2.1
command apdu: 0022C1A40F800A04007F00070202040202830101
response apdu: 9000
----> 1. Encrypted Nonce
---> sendGeneralAuthenticate()
command apdu: 10860000027C0000
response apdu: 7C12801013C82796455F78EE044FECB3CDCCA58D9000
----> 2. Map Nonce
---> sendGeneralAuthenticate()
command apdu: 10860000457C438141043A29969E9A935222CFAF2D63AEDE62FF60BDEE28F6D550F2E33E12FA819E9C6B04324891DAAE54C45822E83BC64A5C98CB101CDC3F7BC3EBB0ECB4160E96361500
response apdu: 7C438241047251CC87067953256CA7AB7F567F74F818E669B17E7E1852FE5C5EB59FA1F77140C323C7EAB1977B9F590617940261E555D8A40658BB20CFF85E66DF69DB70AB9000
----> 3. Perform Key Agreement
---> sendGeneralAuthenticate()
command apdu: 10860000457C4383410411362DB5F698483FF987FEC2CA16E97E90BCEB8E0882B8242AD2387ED55370F588269AF929AF96565F323764CA5BA6CBB45FC84901630995FDC5C84A00203AB600
response apdu: 7C4384410454BF7CC91E668FD1580E97881042285CF0A0EF94E223D83CD49453712A117433401376F4A6133C79C828DB9B3B0CE1A94D2C88465409C331B90BA42B18CD00FE9000
----> 4. Mutual Authentication
---> sendGeneralAuthenticate()
command apdu: 008600000C7C0A85087CCE7FCE8CAD511D00
response apdu: 6300

Discussion

Martijn Oostdijk - 2021-07-19

What version of JMRTD Is this?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Martijn Oostdijk - 2021-07-19

assigned_to: Martijn Oostdijk
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous

PACE works sometimes and sometimes not on same document

ICAO ePassport API and application

Group

Searches

Help

#60 PACE works sometimes and sometimes not on same document

Discussion