Class EAC20

Object
   |
   +--EAC20

class EAC20

Class implementing support for Extended Access Control V2
Defined in eac20.js

Field Detail

CADPs

Object CADPs

CAInfos

Object CAInfos

CAPublicKeys

Object CAPublicKeys

card

Object card

crypto

Object crypto

includeDPinAuthToken

Object includeDPinAuthToken

maxCData

Object maxCData

maxRData

Object maxRData

PACEDPs

Object PACEDPs

PACEInfos

Object PACEInfos

readCardInfo

Object readCardInfo

RIInfos

Object RIInfos

selectADFwithoutSM

Object selectADFwithoutSM

sm

Object sm

useFID

Object useFID

verbose

Object verbose

AID_eID

<static> Object AID_eID

AID_eSign

<static> Object AID_eSign

AID_LDS

<static> Object AID_LDS

ID_CAN

<static> Object ID_CAN

PACE PWD is the CAN

ID_MRZ

<static> Object ID_MRZ

PACE PWD is the hashed MRZ

ID_PIN

<static> Object ID_PIN

PACE PWD is the PIN

ID_PUK

<static> Object ID_PUK

PACE PWD is the PUK

SFI_CardAccess

<static> Object SFI_CardAccess

SFI_CardSecurity

<static> Object SFI_CardSecurity

SFI_ChipSecurity

<static> Object SFI_ChipSecurity

SFI_COM

<static> Object SFI_COM

SFI_CVCA

<static> Object SFI_CVCA

EAC20

EAC20(<Crypto> crypto, <Card> card)

Create a protocol object for EAC

Parameters:
crypto - the crypto provider
card - the card object

calculateBACKey

Key calculateBACKey(<String> mrz, <Number> keyno)

Calculate the Basic Access Control (BAC) key from the MRZ

Parameters:
mrz - 2 line or 3 line machine readable zone
keyno - Number of key to calculate (1 for Kenc and 2 for Kmac)

Returns:
the key object

getCADomainParameterInfos

ChipAuthenticationDomainParameterInfo[] getCADomainParameterInfos()

Return the list of ChipAuthenticationDomainParameterInfo objects

Returns:
the list of ChipAuthenticationDomainParameterInfo objects read from the card, indexed by the keyId

getCAInfos

ChipAuthenticationInfo[] getCAInfos()

Return the list of ChipAuthenticationInfo objects

Returns:
the list of ChipAuthenticationInfo objects read from the card, indexed by the keyId

getCAKeyId

 getCAKeyId(privileged)

Return the key id of the chip authentication key

Returns:
the key id

getPACEDomainParameterInfos

PACEDomainParameterInfo[] getPACEDomainParameterInfos()

Return the list of PACEDomainParameterInfo objects

Returns:
the list of PACEDomainParameterInfo objects read from the card, indexed by the parameterId

getPACEInfos

PACEInfo[] getPACEInfos()

Return the list of PACEInfo objects

Returns:
the list of PACEInfo objects read from the card, indexed by the parameterId

getRIKeyId

 getRIKeyId(<boolean> authOnly)

Return the key id of the restricted identification key

Parameters:
authOnly - return the RI key available after authentication only (to calculate the pseudonym)

Returns:
the key id

getTrustAnchorCAR

PublicKeyReference getTrustAnchorCAR(<boolean> previous)

Return the trust anchor's CAR as indicated by the card in the PACE protocol

Parameters:
previous - , true to return the previous CAR, if any

Returns:
the CertificationAuthorityReference (CAR)

hashMRZ

ByteString hashMRZ(<String> mrz)

Calculate the hash over document number, date of birth and date of expiration from 2 or 3 line MRZ

 2 line MRZ of Silver Data Set
   P

Parameters:
mrz - 2 line or 3 line machine readable zone

Returns:
the SHA-1 hash over the concatenation of document number, date of birth and date of expiration

log

void log(str)

performBAC

void performBAC(<Key> kenc, <Key> kmac)

Perform BAC using the provided Kenc and Kmac values.

Parameters:
kenc - the key Kenc
kmac - the key Kmac

performBACWithMRZ

void performBACWithMRZ(mrz)

Perform BAC using the provided Kenc and Kmac values.

Parameters:
kenc - the key Kenc
kmac - the key Kmac

performChipAuthentication

boolean performChipAuthentication(<Number> keyid)

Perform chip authentication and establish a secure channel

Parameters:
keyid - the key identifier (only required for ChipAuthentication in version 1)

Returns:
true, if chip authentication was successfull

performChipAuthenticationV1

boolean performChipAuthenticationV1(keyid)

Perform chip authentication in version 1 and establish a secure channel

Returns:
true, if chip authentication was successfull

performChipAuthenticationV2

boolean performChipAuthenticationV2()

Perform chip authentication in version 2 and establish a secure channel

Returns:
true, if chip authentication was successfull

performPACE

void performPACE(<Number> parameterId, <Number> pwdid, <ByteString> pwd, <ASN1> chat)

Perform PACE using the indicated parameter set, the identified password, the password value and an optional cardholder authentication template.

This method supports PACE version 1 and 2. For version 2, parameterId with a value between 0 and 31 denotes a standardized domain parameter as defined in TR-03110 2.04 or later.

Parameters:
parameterId - the identifier for the PACEInfo and PACEDomainParameterInfo from EF.CardInfo. Use 0 for the default.
pwdid - one of EAC20.ID_MRZ, EAC20.ID_CAN, EAC20.ID_PIN, EAC20.ID_PUK
pwd - the PACE password
chat - the CHAT data object with tag 7F4C or null

performRestrictedIdentification

ByteString performRestrictedIdentification(<Number> keyId, <ByteString> sectorPublicKey, <Number> sectorPublicKeyIndex)

Perform restricted identification

Parameters:
keyId - restricted identification key identifier
sectorPublicKey - the sector public key data
sectorPublicKeyIndex - optional argument that allows to select a specific sector public key in the terminal certificate

Returns:
the sector specific identifier

performTerminalAuthentication

void performTerminalAuthentication(<Key> termkey, <ByteString> auxdata, <Crypto> crypto)

Perform terminal authentication using a given terminal key

Parameters:
termkey - the terminal private key
auxdata - auxiliary data (tag '67') to be included in terminal authentication
crypto - optional alternative crypto provider (e.g. for key in SmartCard-HSM)

performTerminalAuthenticationFinal

void performTerminalAuthenticationFinal(<ByteString> signature)

Complete terminal authentication by submitting the signature to the card

Parameters:
signature - the signature as concatenation of r and s

performTerminalAuthenticationSetup

Object performTerminalAuthenticationSetup(<ByteString> auxdata)

Prepare terminal authentication by setting the required security environment

Parameters:
auxdata - auxiliary data (tag '67') to be included in terminal authentication

prepareChipAuthentication

void prepareChipAuthentication(<Number> keyId)

Prepare chip authentication by generating the ephemeral key pair

Parameters:
keyId - the key identifier to be used for chip authentication

processSecurityInfos

void processSecurityInfos(<ASN1> si, <boolean> fromCardSecurity)

Process a list of security infos from EF.CardInfo, EF.CardSecurity or EF.ChipSecurity

Parameters:
si - the security info ASN Sequence
fromCardSecurity - true if security infos are taken from EF.CardSecurity, EF.ChipSecurity or EF.DG14

readCardAccess

void readCardAccess()

Read EF.CardAccess and process security infos

readCardSecurity

void readCardSecurity()

Read EF.CardSecurity and process security infos

readChipSecurity

void readChipSecurity()

Read EF.ChipSecurity and process security infos

readCVCA

void readCVCA()

Read EF.CVCA and process contained CARs

readDG14

void readDG14()

Read EF.DG14 and process security infos

readEFwithFID

ByteString readEFwithFID(<ByteString> fid)

Select EF using FID and read elementary file

Parameters:
fid - 2 byte file identifier

Returns:
the content of the EF

readEFwithSFI

ByteString readEFwithSFI(sfi)

Select and read EF using SFI

Parameters:
short - file identifier

Returns:
the content of the EF

select_eID

void select_eID()

Select eID Application

select_eSign

void select_eSign()

Select eSign Application

selectADF

void selectADF(<ByteString> aid)

Select application DF

Parameters:
aid - the application identifier

selectLDS

void selectLDS()

Select ePass LDS Application

setIDPICC

void setIDPICC(idPICC)

Set the ID_PICC used for terminal authentication in EAC 1.11

Parameters:
id -
kmac - the key Kmac

updateEFwithFID

void updateEFwithFID(<ByteString> fid, <ByteString> data)

Select EF using FID and update content

Parameters:
fid - 2 byte file identifier
data - data to be written

updateEFwithSFI

Object updateEFwithSFI(sfi, <ByteString> data)

Select EF using SFI and update content

Parameters:
data - data to be written
short - file identifier

verifyAuxiliaryData

boolean verifyAuxiliaryData(<ByteString> oid)

Verify authenticated auxiliary data

Parameters:
oid - the object identifier for the auxiliary data provided during terminal authentication

Returns:
true, if auxiliary data was verified

verifyCertificateChain

void verifyCertificateChain(<CVC[]> cvcchain)

Submit a list of certificates to the card for verification

Parameters:
cvcchain - the list of certificates, starting with link certificates, DVCA certificate and terminal certificate.

decodeDocumentNumber

<static> String decodeDocumentNumber(<String> mrz)

Decode document number from 2 or 3 line MRZ

This method supports a document number in a three line MRZ longer than 10 digits.

Parameters:
mrz - the concatenation of the MRZ lines

Returns:
the document number