German eID Card (Neuer Personalausweis)

The eID directory contains a full simulation and test setup for a card providing the ePassport, eID and eSign applications defined in TR-03110 2.1, implementing BAC, SAC, PACE and EAC (1.11 and 2.1).

The eID scripts require at least version 3.7.1476 of the Smart Card Shell. The scripts do not work with the 3.6.989 version of the Eclipse Plug-In.

Using the simulation

The simulation makes use of the CardSimulationAdapter, which provides an APDU interface on port 8050 on the local machine. The protocol on this port is compatible with the JCOP JavaCard simulator provided by NXP. Select the "JCOPSimulation" card reader in the Smart Card Shell to access the running simulation.

To start the simulation you will need to run a separate instance of the Smart Card Shell and load the eidsim.js script with:

> load("eID/eidsim.js");

The script will create and personalize the simulator's file system and then wait for incoming command APDUs.

For using the simulation with hardware from Micropross, Comprion or Proxmark please contact us.

Running the tests

A test environment is provided in the testing directory.

To run the tests you will need to start a Smart Card Shell instance separate from the one running the simulation and load the tests with:

> load("eID/testing/loadtests.js");

You can of course use the same setup to test a real-world eID card or ePassport. Just select a different card reader and provide the required settings in the loadtests.js file.

The test setup uses the EAC-PKI available as part of the SmartCard-HSM support package.

Please contact us for a full eID / ePassport test setup.

Compliance

The simulation passes layer 6 tests of the ICAO RF Protocol and Application Test Standard for e-Passport - Part 3, version 2.01 and the AFNOR/BSI test plan for EAC with the following exceptions:

  1. 7816_I_9 - A (0,0) public key is not detected.
  2. 7816_I_16 - A public key not on the curve is not detected.
  3. 7816_K_17 - The simulation does not check the tags during the MANAGE SE command but later in EXTERNAL AUTHENTICATE. Step 5 fails, but the security functionality is still provided.
  4. 7816_P_05 to 7816_P_10 and 7816_P_77 - The simulation does not check the tags during the MANAGE SE command but later in GENERAL AUTHENTICATE.
  5. 7816_P_30 - A public key not on the curve is not detected.
  6. 7816_P_75 - The simulation does not support domain parameter selection.
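Exceptions 1, 2 and 5 above all concern the same missing step: validating a received public key point before it is used in the key agreement. The following is an added example of that validation, written here for this page in plain JavaScript with BigInt; it is not part of the eidsim.js scripts or of the test suite. It assumes the uncompressed 04||X||Y point encoding and uses secp256k1 as a stand-in curve only because its parameters are well known; substitute the parameters of the curve actually configured for the card. The check rejects the (0,0) encoding, coordinates outside the field, points that do not satisfy the curve equation, and points outside the prime-order subgroup.

```javascript
// Added example (not from the eID simulation): public-key point validation
// of the kind test cases 7816_I_9, 7816_I_16 and 7816_P_30 expect.
// Curve parameters below are secp256k1 (cofactor 1), used as a stand-in.
const SECP256K1 = {
  p: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2Fn,
  a: 0n,
  b: 7n,
  n: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n,
  gx: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  gy: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
  fieldBytes: 32,
};

function mod(x, m) { const r = x % m; return r < 0n ? r + m : r; }

// Modular inverse by the extended Euclidean algorithm (m is prime here).
function modInv(a, m) {
  let [oldR, r] = [mod(a, m), m];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error("no modular inverse");
  return mod(oldS, m);
}

// Affine point addition on y^2 = x^3 + ax + b; null is the point at infinity.
function add(c, P, Q) {
  if (P === null) return Q;
  if (Q === null) return P;
  let l;
  if (P.x === Q.x) {
    if (mod(P.y + Q.y, c.p) === 0n) return null;          // P == -Q
    l = mod((3n * P.x * P.x + c.a) * modInv(2n * P.y, c.p), c.p); // doubling
  } else {
    l = mod((Q.y - P.y) * modInv(Q.x - P.x, c.p), c.p);
  }
  const x = mod(l * l - P.x - Q.x, c.p);
  return { x, y: mod(l * (P.x - x) - P.y, c.p) };
}

// Double-and-add scalar multiplication (not constant-time; for validation only).
function mul(c, k, P) {
  let R = null, Q = P;
  while (k > 0n) {
    if (k & 1n) R = add(c, R, Q);
    Q = add(c, Q, Q);
    k >>= 1n;
  }
  return R;
}

// Parse the uncompressed encoding 04 || X || Y from a hex string.
function decodeUncompressedPoint(hex, fieldBytes) {
  const expected = 2 * (1 + 2 * fieldBytes);
  if (hex.length !== expected) throw new Error("unexpected point length");
  if (hex.slice(0, 2).toLowerCase() !== "04") throw new Error("not uncompressed encoding");
  const x = BigInt("0x" + hex.slice(2, 2 + 2 * fieldBytes));
  const y = BigInt("0x" + hex.slice(2 + 2 * fieldBytes));
  return { x, y };
}

// Full public-key validation; returns "ok" or a rejection reason.
function validatePublicPoint(c, x, y) {
  if (x === 0n && y === 0n) return "rejected: (0,0) is not a valid public key";
  if (x < 0n || x >= c.p || y < 0n || y >= c.p) return "rejected: coordinate out of range";
  const lhs = mod(y * y, c.p);
  const rhs = mod(x * x * x + c.a * x + c.b, c.p);
  if (lhs !== rhs) return "rejected: point not on curve";
  // With cofactor 1 the subgroup check is [n]P == O.
  if (mul(c, c.n, { x, y }) !== null) return "rejected: point not in prime-order subgroup";
  return "ok";
}

// Constructed sample input: the generator in uncompressed encoding.
const SAMPLE_HEX = "04" +
  SECP256K1.gx.toString(16).padStart(64, "0") +
  SECP256K1.gy.toString(16).padStart(64, "0");
const sample = decodeUncompressedPoint(SAMPLE_HEX, SECP256K1.fieldBytes);
console.log(validatePublicPoint(SECP256K1, sample.x, sample.y));
console.log(validatePublicPoint(SECP256K1, 0n, 0n));
```

A card-side implementation would run this on the terminal's ephemeral key in GENERAL AUTHENTICATE (PACE, Chip Authentication) and on the terminal's public key in EXTERNAL AUTHENTICATE, rejecting the command with an error status word rather than continuing the key agreement. The on-curve check must precede the subgroup check, since the point arithmetic is only meaningful for points on the curve.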