Belpic eID 1.8 cards


Frank Cornelis

Jun 1, 2021, 12:04:50 PM
to eID Middleware Dev
Hi,


I just found something troublesome about the new Belpic eID v1.8 cards.
Seems like sometimes the RRN signatures on the datafiles are too long, i.e., longer than indicated in the DER sequence length field.
This makes the ECDSA signature validation (via Sun JCA provider) explode.

I witnessed this today on my own new eID card when trying to verify the RRN signature on my address file.

I’ve created a patch for this within the Commons eID. See:

However, this should not happen with production eID cards I guess…



Kind Regards,
Frank.

Frederik Vernelen

Jun 1, 2021, 4:45:57 PM
to eID Middleware Dev
Hello Frank,

Indeed, the address signature files are always 104 bytes long, as their content might get updated (after an address change).
The address signature file itself is fixed size, so it cannot grow should the initial one be less than 104 bytes.
If the address signature is shorter than 104 bytes, the signature file is padded with zeros.

For other readers: the correct length of the signature can be found by adding 2 to the value of the second byte of the ASN.1 encoded signature.
(Like it is done e.g. in Frank's patch, and in the macOS eID Viewer)

I notice this is not yet explained in the documentation.
Thank you for reporting, we will add it to the documentation.

Wkr,
 Frederik
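
Added example, not part of the thread and not Commons eID code: one way to apply the "second byte + 2" rule described above before handing a signature file to a JCA verifier. The class and method names are hypothetical, the sample bytes are constructed, and the check that all trailing bytes are zero is an extra strictness assumed here.

```java
import java.util.Arrays;

/** Hypothetical helper for illustration; not taken from Commons eID. */
public class PaddedEcdsaSignature {

    /**
     * Returns the DER-encoded ECDSA signature without the card's zero padding.
     * Rule from the thread: real length = value of the second byte + 2.
     */
    static byte[] stripPadding(byte[] file) {
        if (file.length < 2 || file[0] != 0x30) {
            throw new IllegalArgumentException("not a DER SEQUENCE");
        }
        int contentLength = file[1] & 0xff;
        // The "+ 2" rule only holds for the short length form (< 0x80),
        // which is always the case inside a 104-byte file.
        if (contentLength >= 0x80) {
            throw new IllegalArgumentException("long-form DER length not expected");
        }
        int total = contentLength + 2;
        if (total > file.length) {
            throw new IllegalArgumentException("declared length exceeds file size");
        }
        // Assumption (extra strictness): everything after the signature is zero padding.
        for (int i = total; i < file.length; i++) {
            if (file[i] != 0) {
                throw new IllegalArgumentException("non-zero byte after signature at offset " + i);
            }
        }
        return Arrays.copyOfRange(file, 0, total);
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE { INTEGER 1, INTEGER 2 } in a 104-byte zero-padded file.
        byte[] file = new byte[104];
        byte[] der = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02};
        System.arraycopy(der, 0, file, 0, der.length);

        byte[] signature = stripPadding(file);
        System.out.println("file length: " + file.length
                + ", signature length: " + signature.length);
        // The trimmed array is what would be passed to java.security.Signature.verify(byte[]).
    }
}
```
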




Frank Cornelis

Jun 1, 2021, 5:22:23 PM
to Frederik Vernelen, eID Middleware Dev
Hi Frederik,



After sending my initial email, I also started thinking about the belpic applet (long time ago) and how files are organized on JavaCards in general.
Indeed, just like the address file, the signature files are “maxed out” to be able to contain whatever is needed.

While the address file padding is well explained within the documentation, something similar is indeed missing for the ECDSA RRN signature files.



Kind Regards,
Frank.

Frank Cornelis

Jun 2, 2021, 5:49:42 AM
to eID Middleware Dev
Hi,


For those interested, I’ve released a new version 1.0.3 of Commons eID containing a fix/work-around for this issue.
See also:


Kind Regards,
Frank.

Frederik Vernelen

Jun 2, 2021, 7:52:24 AM
to eID Middleware Dev