Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Just FYI they do contain machine readable digital signatures from the passport issuer these days.


Is that in the RFID tag? I know US passports have those embedded, but I wasn't sure about other nationalities.

I'd be curious to learn more about how they verify those signatures as well; I can imagine it being nontrivial/de facto limited to a collection of trusted partner nations.


They definitely do have it in the RFID tag. Depending on your nationality, some have it printed in a larger QR-code like thing, I think. There’s an international standard, but I wouldn’t know where to find it.


It's specified by IATA. It's an NFC tag, not RFID, and the data is a JPEG2000 image with its hash embedded inside an X.509 certificate. There's no public root store: the national root certs are passed around between governments using diplomatic bags.

The standards are all public and anyone can write an app to verify e-Passports. There are Android apps on the Play Store that can do it, although they don't necessarily have complete collections of national certs.


FWIW, the ICAO standard[1] mentions ISO 14443 for communication, which (seems) to only cover RFID and not NFC.

[1]: https://www.icao.int/publications/Documents/9303_p9_cons_en....


NFC is a superset of RFID I think. At least, you can read the tags with the NFC tag functionality of a smartphone.

Edit: oops yes you're right I meant ICAO, IATA is a different airline related organization.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: