Open eID Fraunhofer

Protocols

PACE

The PACE protocol (Password Authenticated Connection Establishment) uses a shared secret (e.g., the PIN) to derive strong keys for encryption and authentication of the communication with the eID card. This is achieved with a Diffie-Hellman key agreement whose domain parameters depend on a nonce that only the holder of the shared secret can recover, so an attacker who merely observes the channel cannot mount an offline guessing attack on the short PIN. PACE is specified in BSI TR-03110[1]. The steps performed are:

  1. the eID card chooses a nonce, encrypts it with a key derived from the shared secret and sends it to the eID client, which decrypts it with its own copy of the shared secret
  2. eID card and eID client compute ephemeral domain parameters based on the exchanged nonce (with the Generic Mapping, a new generator derived from the nonce and a first Diffie-Hellman exchange)
  3. they perform a Diffie-Hellman key agreement using the ephemeral domain parameters and calculate the shared secret
  4. both sides derive session keys for encryption and message authentication from that shared secret
  5. they compute authentication tokens over the other side's ephemeral public key, exchange and verify them; a wrong PIN leads to different keys on the two sides and the token check fails
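The five steps above, with the eID card and the eID client simulated in one process, as an added example; this is not code from the Open eID project. It assumes a prime-order Diffie-Hellman subgroup that is generated at import time for illustration only (cards use the standardized domain parameters referenced by TR-03110), a SHA-256 based KDF, and it replaces the AES-CBC nonce encryption and AES-CMAC tokens of the specification with SHA-256 keystream and HMAC stand-ins because the Python standard library ships no AES. The function and variable names (`pace`, `xor_crypt`, `check_pubkey`) are the example's own.

```python
"""PACE with the Generic Mapping over a prime-order DH subgroup, eID card and
eID client simulated in one process.  Added example, not Open eID code.  The
group is generated at import time for illustration only (cards use the
standardized domain parameters of TR-03110); AES-CBC nonce encryption and
AES-CMAC tokens are replaced by SHA-256-based stand-ins."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(q=2**127 - 1):
    """Smallest prime p = k*q + 1 over the Mersenne prime q, plus a generator of the order-q subgroup."""
    k = 2
    while not is_probable_prime(k * q + 1):
        k += 2
    p, h = k * q + 1, 2
    while pow(h, k, p) == 1:
        h += 1
    return p, q, pow(h, k, p)


P, Q, G = make_group()
NBYTES = (P.bit_length() + 7) // 8


def kdf(shared, counter):
    """TR-03110 KDF: H(K || counter), counter as 32-bit big-endian; 16-byte keys."""
    return hashlib.sha256(shared + counter.to_bytes(4, "big")).digest()[:16]


def xor_crypt(key, data):
    """Stand-in for E(K_pi, s) (AES-CBC in the spec): XOR with a one-shot keystream."""
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))


def mac(key, data):
    """Stand-in for AES-CMAC: HMAC-SHA256 truncated to 8 bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


def check_pubkey(y):
    """Reject public keys outside the prime-order subgroup (small-subgroup guard)."""
    if not 1 < y < P - 1 or pow(y, Q, P) != 1:
        raise ValueError("invalid public key")
    return y


def pace(card_pin, client_pin):
    """Run all five PACE steps; return (tokens verified, card session keys, client session keys)."""
    # Step 1: card encrypts a fresh nonce s under K_pi = KDF(PIN, 3); client decrypts with *its* PIN.
    s_card = secrets.randbelow(Q)
    z = xor_crypt(kdf(card_pin, 3), s_card.to_bytes(16, "big"))
    s_client = int.from_bytes(xor_crypt(kdf(client_pin, 3), z), "big")
    # Step 2: Generic Mapping.  A first DH exchange gives H; the new generator is G' = G^s * H.
    xm, ym = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    h_card = pow(check_pubkey(pow(G, ym, P)), xm, P)      # card computes (G^ym)^xm
    h_client = pow(check_pubkey(pow(G, xm, P)), ym, P)    # client computes (G^xm)^ym
    g_card = pow(G, s_card, P) * h_card % P
    g_client = pow(G, s_client, P) * h_client % P          # differs from g_card if the PINs differ
    # Step 3: ephemeral DH on the mapped generator.
    xe, ye = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    pk_card, pk_client = pow(g_card, xe, P), pow(g_client, ye, P)
    k_card = pow(check_pubkey(pk_client), xe, P).to_bytes(NBYTES, "big")
    k_client = pow(check_pubkey(pk_card), ye, P).to_bytes(NBYTES, "big")
    # Step 4: session keys (K_Enc, K_MAC) = (KDF(K, 1), KDF(K, 2)).
    card_keys = (kdf(k_card, 1), kdf(k_card, 2))
    client_keys = (kdf(k_client, 1), kdf(k_client, 2))
    # Step 5: each side MACs the *other* side's ephemeral public key and checks the token it receives.
    t_card = mac(card_keys[1], pk_client.to_bytes(NBYTES, "big"))
    t_client = mac(client_keys[1], pk_card.to_bytes(NBYTES, "big"))
    ok = (hmac.compare_digest(t_client, mac(card_keys[1], pk_card.to_bytes(NBYTES, "big")))
          and hmac.compare_digest(t_card, mac(client_keys[1], pk_client.to_bytes(NBYTES, "big"))))
    return ok, card_keys, client_keys
```

Calling `pace(b"123456", b"123456")` yields matching session keys and a verified token pair; `pace(b"123456", b"654321")` yields different keys and a failed check, which is the point where a real card decrements its PIN retry counter. Note that neither side ever sends the PIN or anything derived from it other than the encrypted nonce, and `check_pubkey` is the subgroup check a practitioner should keep even though the specification's own parameters are well-formed.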

Terminal Authentication

In Terminal Authentication, the eID card verifies that the eID-Server is allowed to read out the data stored on it. The eID-Server proves possession of a private key whose public key the card obtains from a certificate chain that ends at a trust anchor (a CVCA public key) stored on the card. Terminal Authentication is specified in BSI TR-03110[1] and involves the following steps:

  1. the eID client sends the certificate chain received from the eID-Server to the eID card
  2. the eID card verifies the certificate chain against its trust anchor and extracts the public key of the eID-Server
  3. the eID client sends the (compressed) ephemeral public key of the eID-Server to the eID card; this key is used again in Chip Authentication
  4. the eID card sends a random challenge to the eID client, which forwards it to the eID-Server
  5. the eID client sends the signature that the eID-Server computed over the challenge and the compressed ephemeral public key (the authentication token) to the eID card
  6. the eID card verifies the signature with the public key extracted from the certificate chain

Chip Authentication

Chip Authentication allows the eID-Server to check the genuineness of the eID card: the card proves possession of the private key belonging to its static Diffie-Hellman public key, and the protocol at the same time establishes fresh session keys between eID card and eID-Server. This protocol is also specified in BSI TR-03110[1]. The following steps are performed:

  1. the eID card sends its static Diffie-Hellman public key and the domain parameters to the eID client, which forwards them to the eID-Server
  2. the eID client sends the ephemeral public key of the eID-Server to the eID card
  3. the eID card compares the received key with the (compressed) key obtained in Terminal Authentication and aborts if they differ
  4. both sides calculate a new shared secret based on the public keys and domain parameters exchanged
  5. the eID card chooses a random nonce, derives session keys for encryption and message authentication from the shared secret and the nonce, computes the authentication token and sends both nonce and token to the eID client, which forwards this data to the eID-Server; the eID-Server derives the same session keys and verifies the token

When this protocol has finished successfully, end-to-end encryption between the eID card and the eID-Server is established.
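Terminal Authentication and Chip Authentication run back to back, with the card, the client and the server simulated in one process, as an added example covering both step lists above; this is not code from the Open eID project. It assumes the secp256k1 curve (its parameters are widely published) in place of the brainpool curves used by the German eID, ECDSA for the certificate chain and the Terminal Authentication signature, HMAC-SHA256 as a stand-in for the AES-CMAC token, and a deliberately simplified certificate (holder, key, access-rights byte, issuer signature) rather than a TR-03110 CV certificate. All names (`ta_then_ca`, `verify_chain`, `make_cert`, `demo`) are the example's own.

```python
"""TA then CA, all parties in one process.  Added example, not Open eID code.
secp256k1 stands in for the brainpool curves of the German eID, ECDSA signs the
chain and the TA challenge, HMAC-SHA256 stands in for AES-CMAC, and the
certificates are simplified (holder, key, rights byte, issuer signature)."""
import hashlib, hmac, secrets

P = 2**256 - 2**32 - 977                      # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def on_curve(pt): return pt is not None and 0 <= pt[0] < P and 0 <= pt[1] < P and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def sign(d, msg):
    """ECDSA over SHA-256(msg); k must be fresh and secret for every signature."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (h + r * d) % N
        if r and s:
            return r, s

def verify(pub, msg, sig):
    r, s = sig
    if not (on_curve(pub) and 0 < r < N and 0 < s < N):
        return False
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def enc_pt(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def comp(pt): return pt[0].to_bytes(32, "big")          # TR-03110 Comp() for ECDH keys: the x-coordinate
def kdf(k, c, r=b""): return hashlib.sha256(k + r + c.to_bytes(4, "big")).digest()[:16]   # H(K || r || c)
def mac(key, data): return hmac.new(key, data, hashlib.sha256).digest()[:8]

def make_cert(holder, pub, rights, issuer_priv):
    body = holder + enc_pt(pub) + bytes([rights])
    return {"pub": pub, "rights": rights, "body": body, "sig": sign(issuer_priv, body)}

def verify_chain(cvca_pub, chain):
    """TA step 2 on the card: verify each link from the pinned CVCA key down and AND the rights."""
    signer, rights = cvca_pub, 0xFF
    for cert in chain:
        if not verify(signer, cert["body"], cert["sig"]):
            return None
        signer, rights = cert["pub"], rights & cert["rights"]   # a link never grants more than its issuer
    return signer, rights

def ta_then_ca(cvca_pub, chain, server_sign_priv, card_priv, card_pub, id_picc):
    """Return (effective access rights, both sides hold the same session keys) or None on failure."""
    verified = verify_chain(cvca_pub, chain)              # TA 1-2: chain in, server's public key out
    if verified is None:
        return None
    server_pub, rights = verified
    eph_priv, eph_pub = keygen()                         # TA 3: server's ephemeral key, card stores Comp()
    comp_eph = comp(eph_pub)
    r_picc = secrets.token_bytes(8)                      # TA 4: card challenge, forwarded to the server
    signed = id_picc + r_picc + comp_eph                 # TA 5-6: signature over ID_PICC || r_PICC || Comp(PK)
    if not verify(server_pub, signed, sign(server_sign_priv, signed)):
        return None
    if not on_curve(eph_pub) or comp(eph_pub) != comp_eph:    # CA 1-3: full key must match TA's Comp()
        return None
    k_card = ec_mul(card_priv, eph_pub)[0].to_bytes(32, "big")      # CA 4: ECDH on both sides
    k_server = ec_mul(eph_priv, card_pub)[0].to_bytes(32, "big")
    r_ca = secrets.token_bytes(8)                        # CA 5: card nonce, keys KDF(K, r, c), token over PK_eph
    card_keys = (kdf(k_card, 1, r_ca), kdf(k_card, 2, r_ca))
    server_keys = (kdf(k_server, 1, r_ca), kdf(k_server, 2, r_ca))
    token = mac(card_keys[1], enc_pt(eph_pub))
    if not hmac.compare_digest(token, mac(server_keys[1], enc_pt(eph_pub))):
        return None
    return rights, card_keys == server_keys

def demo(tamper=False):
    """CVCA -> DV -> terminal chain; tamper=True signs the challenge with a key that is not in the chain."""
    cvca_priv, cvca_pub = keygen()
    dv_priv, dv_pub = keygen()
    term_priv, term_pub = keygen()
    chain = [make_cert(b"DVCA", dv_pub, 0x3F, cvca_priv), make_cert(b"TERM", term_pub, 0x0F, dv_priv)]
    card_priv, card_pub = keygen()
    return ta_then_ca(cvca_pub, chain, keygen()[0] if tamper else term_priv, card_priv, card_pub, b"\x01" * 8)
```

`demo()` returns the effective rights byte `0x0F` (the DV certificate's `0x3F` ANDed with the terminal's `0x0F`) together with `True` for matching session keys; `demo(tamper=True)` returns `None` because the challenge signature does not verify under the key the card extracted from the chain. Two checks worth keeping in any implementation are visible here: the card verifies the full ephemeral key against the compressed one it received during Terminal Authentication before using it in Chip Authentication, and the server's proof of possession is bound to the card's fresh challenge, so a captured signature cannot be replayed.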

Sources

[1] BSI TR-03110: Advanced Security Mechanisms for Machine Readable Travel Documents
