Chip Authentication fails for some documents where keyId is explicitly set. keyId is optional, and is only meant for documents that support multiple chip authentication algorithms / keys. Most documents I have tested have not set keyId for ChipAuthenticationInfo / ChipAuthenticationPublicKeyInfo (optionalData is nil).
However some specimen documents, including documents from Malta, explicitly sets keyId, even though it only supports one Chip Authentication Info / key pair. Chip Authentication fails with error 0x6A 0x80 - Incorrect parameters in the data field for this document.
In the current implementation we read keyId as an integer. If we instead read keyId with radix 16, chip authentication succeeds. Have tested this on
Documents with only one ChipAuthenticationInfo / ChipAuthenticationPublicKeyInfo pair where optional data is nil
Documents with only one ChipAuthenticationInfo / ChipAuthenticationPublicKeyInfo pair where optional data is explicitly set
Documents with ChipAuthenticationPublicKeyInfo but without ChipAuthenticationInfo
Documents with multiple ChipAuthenticationInfo / ChipAuthenticationPublicKeyInfo pairs
AndyQ
commented
2 years ago
Chip Authentication fails for some documents where keyId is explicitly set. keyId is optional, and is only meant for documents that support multiple chip authentication algorithms / keys. Most documents I have tested have not set keyId for ChipAuthenticationInfo / ChipAuthenticationPublicKeyInfo (optionalData is nil).
However some specimen documents, including documents from Malta, explicitly sets keyId, even though it only supports one Chip Authentication Info / key pair. Chip Authentication fails with error 0x6A 0x80 - Incorrect parameters in the data field for this document.
In the current implementation we read keyId as an integer. If we instead read keyId with radix 16, chip authentication succeeds. Have tested this on