Class EAC20

Class implementing support for Extended Access Control V2
Defined in: EAC20.js.

Class Summary
EAC20(crypto, card)
    Create a protocol object for EAC

Field Summary
<static> EAC20.ID_CAN
    PACE PWD is the CAN
<static> EAC20.ID_MRZ
    PACE PWD is the hashed MRZ
<static> EAC20.ID_PIN
    PACE PWD is the PIN
<static> EAC20.ID_PUK
    PACE PWD is the PUK

Method Summary
calculateBACKey(mrz, keyno)
    Calculate the Basic Access Control (BAC) key from the MRZ
<static> EAC20.decodeDocumentNumber(mrz)
    Decode document number from 2 or 3 line MRZ. This method supports a document number in a three line MRZ longer than 10 digits.
getCADomainParameterInfos()
    Return the list of ChipAuthenticationDomainParameterInfo objects
getCAInfos()
    Return the list of ChipAuthenticationInfo objects
getCAKeyId(privileged)
    Return the key id of the chip authentication key
getPACEDomainParameterInfos()
    Return the list of PACEDomainParameterInfo objects
getPACEInfos()
    Return the list of PACEInfo objects
getRIKeyId(authOnly)
    Return the key id of the restricted identification key
getTrustAnchorCAR(previous)
    Return the trust anchor's CAR as indicated by the card in the PACE protocol
hashMRZ(mrz)
    Calculate the hash over document number, date of birth and date of expiration from 2 or 3 line MRZ
performBAC(kenc, kmac)
    Perform BAC using the provided Kenc and Kmac values.
performBACWithMRZ(kenc, kmac)
    Perform BAC using the provided Kenc and Kmac values.
performChipAuthentication(keyid)
    Perform chip authentication and establish a secure channel
performChipAuthenticationV1(keyid)
    Perform chip authentication in version 1 and establish a secure channel
performChipAuthenticationV2()
    Perform chip authentication in version 2 and establish a secure channel
performPACE(parameterId, pwdid, pwd, chat, certExt)
    Perform PACE using the indicated parameter set, the identified password, the password value and an optional cardholder authentication template.
performRestrictedIdentification(keyId, sectorPublicKey, sectorPublicKeyIndex)
    Perform restricted identification
performTerminalAuthentication(termkey, auxdata, crypto)
    Perform terminal authentication using a given terminal key
performTerminalAuthenticationFinal(signature)
    Complete terminal authentication by submitting the signature to the card
performTerminalAuthenticationSetup(auxdata)
    Prepare terminal authentication by setting the required security environment
prepareChipAuthentication(keyId)
    Prepare chip authentication by generating the ephemeral key pair
processSecurityInfos(si, fromCardSecurity)
    Process a list of security infos from EF.CardInfo, EF.CardSecurity or EF.ChipSecurity
readCardAccess()
    Read EF.CardAccess and process security infos
readCardSecurity()
    Read EF.CardSecurity and process security infos
readChipSecurity()
    Read EF.ChipSecurity and process security infos
readCVCA()
    Read EF.CVCA and process contained CARs
readDG14()
    Read EF.DG14 and process security infos
readEFwithFID(fid)
    Select EF using FID and read elementary file
readEFwithSFI(short)
    Select and read EF using SFI
readTLVEFwithSFI(short)
    Select and read a TLV encoded EF using SFI
select_eID()
    Select eID Application
select_eSign()
    Select eSign Application
selectADF(aid)
    Select application DF
selectLDS()
    Select ePass LDS Application
setIDPICC(id, kmac)
    Set the ID_PICC used for terminal authentication in EAC 1.11
updateEFwithFID(fid, data)
    Select EF using FID and update content
updateEFwithSFI(short, data)
    Select EF using SFI and update content
verifyAuxiliaryData(oid)
    Verify authenticated auxiliary data
verifyCertificateChain(cvcchain)
    Submit a list of certificates to the card for verification
Class Detail
EAC20(crypto, card)
Create a protocol object for EAC
Parameters:
{Crypto} crypto
the crypto provider
{Card} card
the card object
Field Detail
<static> EAC20.ID_CAN
PACE PWD is the CAN

<static> EAC20.ID_MRZ
PACE PWD is the hashed MRZ

<static> EAC20.ID_PIN
PACE PWD is the PIN

<static> EAC20.ID_PUK
PACE PWD is the PUK
Method Detail
{Key} calculateBACKey(mrz, keyno)
Calculate the Basic Access Control (BAC) key from the MRZ
Parameters:
{String} mrz
2 line or 3 line machine readable zone
{Number} keyno
Number of key to calculate (1 for Kenc and 2 for Kmac)
Returns:
the key object

<static> {String} EAC20.decodeDocumentNumber(mrz)
Decode document number from 2 or 3 line MRZ

This method supports a document number in a three line MRZ longer than 10 digits.

Parameters:
{String} mrz
the concatenation of the MRZ lines
Returns:
the document number

{ChipAuthenticationDomainParameterInfo[]} getCADomainParameterInfos()
Return the list of ChipAuthenticationDomainParameterInfo objects
Returns:
the list of ChipAuthenticationDomainParameterInfo objects read from the card, indexed by the keyId

{ChipAuthenticationInfo[]} getCAInfos()
Return the list of ChipAuthenticationInfo objects
Returns:
the list of ChipAuthenticationInfo objects read from the card, indexed by the keyId

getCAKeyId(privileged)
Return the key id of the chip authentication key
Parameters:
privileged
Returns:
the key id

{PACEDomainParameterInfo[]} getPACEDomainParameterInfos()
Return the list of PACEDomainParameterInfo objects
Returns:
the list of PACEDomainParameterInfo objects read from the card, indexed by the parameterId

{PACEInfo[]} getPACEInfos()
Return the list of PACEInfo objects
Returns:
the list of PACEInfo objects read from the card, indexed by the parameterId

getRIKeyId(authOnly)
Return the key id of the restricted identification key
Parameters:
{boolean} authOnly
return only the RI key that is available after authentication (used to calculate the pseudonym)
Returns:
the key id

{PublicKeyReference} getTrustAnchorCAR(previous)
Return the trust anchor's CAR as indicated by the card in the PACE protocol
Parameters:
{boolean} previous
true to return the previous CAR, if any
Returns:
the CertificationAuthorityReference (CAR)

{ByteString} hashMRZ(mrz)
Calculate the hash over document number, date of birth and date of expiration from 2 or 3 line MRZ
Example: 2 line MRZ of Silver Data Set
P
Parameters:
{String} mrz
2 line or 3 line machine readable zone
Returns:
the SHA-1 hash over the concatenation of document number, date of birth and date of expiration

performBAC(kenc, kmac)
Perform BAC using the provided Kenc and Kmac values.
Parameters:
{Key} kenc
the key Kenc
{Key} kmac
the key Kmac

performBACWithMRZ(kenc, kmac)
Perform BAC using the provided Kenc and Kmac values.
Parameters:
{Key} kenc
the key Kenc
{Key} kmac
the key Kmac

{boolean} performChipAuthentication(keyid)
Perform chip authentication and establish a secure channel
Parameters:
{Number} keyid
the key identifier (only required for ChipAuthentication in version 1)
Returns:
true, if chip authentication was successful

{boolean} performChipAuthenticationV1(keyid)
Perform chip authentication in version 1 and establish a secure channel
Parameters:
keyid
Returns:
true, if chip authentication was successful

{boolean} performChipAuthenticationV2()
Perform chip authentication in version 2 and establish a secure channel
Returns:
true, if chip authentication was successful

performPACE(parameterId, pwdid, pwd, chat, certExt)
Perform PACE using the indicated parameter set, the identified password, the password value and an optional cardholder authentication template.

This method supports PACE version 1 and 2. For version 2, parameterId with a value between 0 and 31 denotes a standardized domain parameter as defined in TR-03110 2.04 or later.

Parameters:
{Number} parameterId
the identifier for the PACEInfo and PACEDomainParameterInfo from EF.CardInfo. Use 0 for the default.
{Number} pwdid
one of EAC20.ID_MRZ, EAC20.ID_CAN, EAC20.ID_PIN, EAC20.ID_PUK
{ByteString} pwd
the PACE password or PACE key
{ASN1} chat
the CHAT data object with tag 7F4C or null
{ASN1} certExt
the certificate extensions data object with tag 65 or null

{ByteString} performRestrictedIdentification(keyId, sectorPublicKey, sectorPublicKeyIndex)
Perform restricted identification
Parameters:
{Number} keyId
restricted identification key identifier
{ByteString} sectorPublicKey
the sector public key data
{Number} sectorPublicKeyIndex
optional argument selecting a specific sector public key in the terminal certificate
Returns:
the sector specific identifier

performTerminalAuthentication(termkey, auxdata, crypto)
Perform terminal authentication using a given terminal key
Parameters:
{Key} termkey
the terminal private key
{ByteString} auxdata
auxiliary data (tag '67') to be included in terminal authentication
{Crypto} crypto
optional alternative crypto provider (e.g. for a key held in a SmartCard-HSM)

performTerminalAuthenticationFinal(signature)
Complete terminal authentication by submitting the signature to the card
Parameters:
{ByteString} signature
the signature as concatenation of r and s

performTerminalAuthenticationSetup(auxdata)
Prepare terminal authentication by setting the required security environment
Parameters:
{ByteString} auxdata
auxiliary data (tag '67') to be included in terminal authentication

prepareChipAuthentication(keyId)
Prepare chip authentication by generating the ephemeral key pair
Parameters:
{Number} keyId
the key identifier to be used for chip authentication

processSecurityInfos(si, fromCardSecurity)
Process a list of security infos from EF.CardInfo, EF.CardSecurity or EF.ChipSecurity
Parameters:
{ASN1} si
the ASN.1 SEQUENCE of security infos
{boolean} fromCardSecurity
true if security infos are taken from EF.CardSecurity, EF.ChipSecurity or EF.DG14

readCardAccess()
Read EF.CardAccess and process security infos

readCardSecurity()
Read EF.CardSecurity and process security infos

readChipSecurity()
Read EF.ChipSecurity and process security infos

readCVCA()
Read EF.CVCA and process contained CARs

readDG14()
Read EF.DG14 and process security infos

{ByteString} readEFwithFID(fid)
Select EF using FID and read elementary file
Parameters:
{ByteString} fid
2 byte file identifier
Returns:
the content of the EF

{ByteString} readEFwithSFI(short)
Select and read EF using SFI
Parameters:
{Number} short
the short file identifier
Returns:
the content of the EF

{ByteString} readTLVEFwithSFI(short)
Select and read a TLV encoded EF using SFI
Parameters:
{Number} short
the short file identifier
Returns:
the TLV content of the EF

select_eID()
Select eID Application

select_eSign()
Select eSign Application

selectADF(aid)
Select application DF
Parameters:
{ByteString} aid
the application identifier

selectLDS()
Select ePass LDS Application

setIDPICC(id, kmac)
Set the ID_PICC used for terminal authentication in EAC 1.11
Parameters:
{ByteString} id
{Key} kmac
the key Kmac

updateEFwithFID(fid, data)
Select EF using FID and update content
Parameters:
{ByteString} fid
2 byte file identifier
{ByteString} data
data to be written

updateEFwithSFI(short, data)
Select EF using SFI and update content
Parameters:
{Number} short
the short file identifier
{ByteString} data
data to be written

{boolean} verifyAuxiliaryData(oid)
Verify authenticated auxiliary data
Parameters:
{ByteString} oid
the object identifier for the auxiliary data provided during terminal authentication
Returns:
true, if auxiliary data was verified

verifyCertificateChain(cvcchain)
Submit a list of certificates to the card for verification
Parameters:
{CVC[]} cvcchain
the list of certificates, starting with link certificates, DVCA certificate and terminal certificate.

Documentation generated by JsDoc Toolkit 2.4.0 on Fri Feb 16 2024 18:38:12 GMT+0100 (CET)