IC Data Authentication

  • PassiveAuthenticationHandler is responsible for performing passive authentication on data groups of an eMRTD.

    Passive Authentication proves that the contents of the Document Security Object (SOD) and the LDS are authentic and have not been changed.

    Note

    This verification mechanism does not require processing capabilities of the contactless IC in the eMRTD. Therefore it is called “Passive Authentication” of the contactless IC’s contents.

    Important

    It does not prevent exact copying of the contactless IC’s content or chip substitution. See ChipAuthenticationHandler for more about that.

    See also

    SOD and HashAlgorithm

    Declaration

    Swift

    internal final class PassiveAuthenticationHandler
  • PKCS7 is a class for handling PKCS#7 messages, extracting X.509 certificates.

    See also

    X509Certificate

    Declaration

    Swift

    internal final class PKCS7
  • SignedData is a class representing data contained in a signed data structure found in eMRTD SOD data group.

    The ASN.1 data structure SignedData is defined as follows:

    SignedData ::= SEQUENCE {
        version CMSVersion,                          -- INTEGER
        digestAlgorithms DigestAlgorithmIdentifiers, -- SET
        encapContentInfo EncapsulatedContentInfo,    -- SEQUENCE
        certificates [0] IMPLICIT CertificateSet OPTIONAL,
        crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
        signerInfos SignerInfos                      -- SET
    }
    
    DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
    DigestAlgorithmIdentifier ::= AlgorithmIdentifier
    
    AlgorithmIdentifier ::= SEQUENCE {
        algorithm OBJECT IDENTIFIER,
        parameters ANY OPTIONAL
    }
    
    EncapsulatedContentInfo ::= SEQUENCE {
        eContentType ContentType,
        eContent [0] EXPLICIT OCTET STRING OPTIONAL
    }
    
    ContentType ::= OBJECT IDENTIFIER
    
    SignerInfos ::= SET OF SignerInfo
    
    SignerInfo ::= SEQUENCE {
        version CMSVersion,
        sid SignerIdentifier,
        digestAlgorithm DigestAlgorithmIdentifier,
        signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,
        unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL
    }
    
    SignerIdentifier ::= CHOICE {
        issuerAndSerialNumber IssuerAndSerialNumber,
        subjectKeyIdentifier [0] SubjectKeyIdentifier
    }
    
    SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
    UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
    
    Attribute ::= SEQUENCE {
        attrType OBJECT IDENTIFIER,
        attrValues SET OF AttributeValue
    }
    
    AttributeValue ::= ANY
    SignatureValue ::= OCTET STRING
    

    In addition, the class can verify the signed data against the stored certificate.

    Declaration

    Swift

    internal final class SignedData
  • X509Certificate is a class representing an X.509 certificate.

    See also

    PKCS7Message and X509CertificateDetails

    Declaration

    Swift

    internal final class X509Certificate
  • X509CertificateDetails is a structure representing the details of an X.509 certificate.

    See also

    X509Certificate

    Declaration

    Swift

    public struct X509CertificateDetails
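The following is an added example and not code from the library documented on this page. It walks the CMS SignedData layout listed under SignedData above with a small DER decoder, pulls out the eContent, and then performs the data-group hash comparison that PassiveAuthenticationHandler is described as doing: each data group read from the chip is re-hashed and compared with the hash stored in the SOD. The eContent is laid out as an LDSSecurityObject (the structure ICAO Doc 9303 Part 10 defines for the SOD payload). All bytes are constructed inline; the `SignerInfo` signature is a placeholder, because checking it needs the Document Signer certificate and a CSCA chain, which is the part of passive authentication this block deliberately leaves out. The function and constant names are the example's own.

```python
"""Added example: minimal DER walker for the SignedData layout above plus the
data-group hash check of passive authentication.  Constructed data only."""
import hashlib
import hmac

SHA256_OID = "2.16.840.1.101.3.4.2.1"      # id-sha256
SHA256_RSA_OID = "1.2.840.113549.1.1.11"   # sha256WithRSAEncryption (placeholder signer alg)
LDS_SO_OID = "2.23.136.1.1.1"              # id-icao-ldsSecurityObject (eContentType)

# --- tiny DER encoder, used only to build the constructed sample SOD ----------
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(n):                              # non-negative integers only
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def der_oid(dotted):
    p = [int(x) for x in dotted.split(".")]
    body = [40 * p[0] + p[1]]
    for arc in p[2:]:
        enc, arc = [arc & 0x7F], arc >> 7
        while arc:
            enc.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += enc
    return tlv(0x06, bytes(body))

# --- DER decoder --------------------------------------------------------------
def der_parse(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:                         # long-form length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def der_children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = der_parse(content, pos)
        out.append((tag, val))
    return out

def oid_decode(body):
    parts, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(v)
            v = 0
    return ".".join(map(str, parts))

# --- builders for the constructed sample (LDSSecurityObject inside SignedData) -
def build_lds_security_object(groups):
    dg_hashes = b"".join(tlv(0x30, der_int(n) + tlv(0x04, hashlib.sha256(d).digest()))
                         for n, d in sorted(groups.items()))
    return tlv(0x30, der_int(0) + tlv(0x30, der_oid(SHA256_OID)) + tlv(0x30, dg_hashes))

def build_signed_data(econtent):
    digest_alg = tlv(0x30, der_oid(SHA256_OID))
    encap = tlv(0x30, der_oid(LDS_SO_OID) + tlv(0xA0, tlv(0x04, econtent)))
    signer = tlv(0x30, der_int(1) + tlv(0x30, b"") + digest_alg            # sid left empty
                 + tlv(0x30, der_oid(SHA256_RSA_OID)) + tlv(0x04, b"\x00" * 8))  # placeholder sig
    return tlv(0x30, der_int(3) + tlv(0x31, digest_alg) + encap + tlv(0x31, signer))

# --- parsing the structures ---------------------------------------------------
def parse_signed_data(buf):
    tag, body, _ = der_parse(buf)
    if tag != 0x30:
        raise ValueError("SignedData must be a SEQUENCE")
    f = der_children(body)
    encap = der_children(f[2][1])
    tail = f[3:]                             # [0] certificates and [1] crls are OPTIONAL
    return {
        "version": int.from_bytes(f[0][1], "big"),
        "digest_algorithms": [oid_decode(der_children(a)[0][1]) for _, a in der_children(f[1][1])],
        "econtent_type": oid_decode(encap[0][1]),
        "econtent": der_parse(encap[1][1])[1],   # [0] EXPLICIT wraps the OCTET STRING
        "certificates": next((v for t, v in tail if t == 0xA0), None),
        "signer_infos": next(v for t, v in tail if t == 0x31),
    }

def parse_lds_security_object(econtent):
    f = der_children(der_parse(econtent)[1])
    algo = oid_decode(der_children(f[1][1])[0][1])
    hashes = {int.from_bytes(n, "big"): h for (_, n), (_, h) in
              (der_children(dg) for _, dg in der_children(f[2][1]))}
    return algo, hashes

def check_data_group_hashes(sod, groups):
    """Passive-authentication step: re-hash each DG and compare with the SOD entry."""
    algo, expected = parse_lds_security_object(parse_signed_data(sod)["econtent"])
    if algo != SHA256_OID:
        raise ValueError("unsupported hashAlgorithm " + algo)
    return {n: n in expected and hmac.compare_digest(hashlib.sha256(d).digest(), expected[n])
            for n, d in groups.items()}

DATA_GROUPS = {1: b"constructed DG1 (MRZ) bytes", 2: b"constructed DG2 (face image) bytes"}
SOD = build_signed_data(build_lds_security_object(DATA_GROUPS))

if __name__ == "__main__":
    print(parse_signed_data(SOD)["econtent_type"], check_data_group_hashes(SOD, DATA_GROUPS))
    print(check_data_group_hashes(SOD, {**DATA_GROUPS, 2: b"substituted face image"}))
```

A data group whose recomputed hash does not match is reported as `False`; a data group with no entry in the SOD is also reported as `False` rather than skipped, so a reader that requests DG3 against an SOD that never covered it cannot mistake "absent" for "verified". As the Important note above says, a matching hash table only shows the data is the signed data; it says nothing about whether the chip presenting it is the original one.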