Invalid passport on recently issued valid passport

[akeilox]

When a January 2020 issued valid passport scanned it shows Invalid passport. Running the latest version and it scans other passport issued before just fine.

What It could be missing ?

[jllarraz]

For the csca you need to download the latest certificates from the issuing country. For the chip one you probably just need to increase the timeout of the NFC tag.

Best regards

El mié., 10 jun. 2020 21:09, akeilox notifications@github.com escribió:

[image: 50FFBCA6-4BF0-4145-8679-6C28E4A0F341] https://user-images.githubusercontent.com/4035501/84313228-cfecc200-ab98-11ea-9591-eaf10513e842.jpeg

When a January 2020 issued valid passport scanned it shows Invalid passport. Running the latest version and it scans other passport issued before just fine.

What It could be missing ?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jllarraz/AndroidPassportReader/issues/19, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABFQ575VSHBETOQ67QE2MTDRV7R7BANCNFSM4N2WXODQ .

[akeilox]

I am using the latest version with the NFC timeout increase already in place. And I am not doing the CSCA verification either.

I can get the picture and details of the passport just fine. But it shows Invalid passport strangely when its just a brand new (january 2020 issue) valid passport.

To clarify I dont get Invalid for other passports of same country from previous issues or others.

What could be the issue in this case ?

[akeilox]

@jllarraz is there something else I can check for this Invalid passport message on 2020 issued passports? Like I mentioned above, picture and details read fine but the Invalid/Red marking shows up.

[RomainL972]

Hello @akeilox, By any chance is your passport from France or maybe another European country? Because I have the same problem with my passport issued in December 2019

[akeilox]

Hi @RomainL972 its not an European passport, but Asian the ones i have tested. All of the ones I have tested with this Chip Invalid sign showing are the December 2019 to 2020 newly issued passports. It is consistent that when I check another newly issued passport (march 2020) it too gives the same Chip invalid but it reads the picture and details fine. Does it read the details and picture fine for your case ?

If yes then its a common global issue, and not a european or asian thing.

[jllarraz]

The picture is stored in another datagram, so is the basic information. Interesting if they have changed the specification, would like to know which is the new one

[RomainL972]

Yes I'm able to read the details and picture, and the chip authentication only works if I explicitly set the encryption algorithm, which I shouldn't have to do as it may not be compatible with all passports

[akeilox]

I think we may have something in common with the France and Singapore, in the sense both countries biometric passports are done by the same French company Thales Group www.thalesgroup.com

But looking at their website, they have also done many other country passports too in Europe or Asia, and must have complied with ICAO

[akeilox]

This page kinda gives a trail of which countries they have done recently;

https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/customer-cases

What do you think might have changed / updated ?

[akeilox]

Some of the articles show company name Gemalto in the link above, which was acquired by Thales Group. US, UK etc. most prominent ones seems to be made by them.

[jllarraz]

According to the Documentation Security Infos for Active Authentication If ECDSA based signature algorithm is used for Active Authentication by the eMRTD chip, the SecurityInfos MUST contain the following SecurityInfo entry: • ActiveAuthenticationInfo Security Infos for Chip Authentication To indicate support for Chip Authentication SecurityInfos may contain the following entries: • At least one ChipAuthenticationInfo and the corresponding ChipAuthenticationPublicKeyInfo using explicit domain parameters MUST be present. Security Infos for Other Protocols SecurityInfos may contain additional entries indicating support for other protocols. The inspection system may discard any unknown entry.

So unless that they are no longer using a ECDSA algorithm, they should be adding the ChipAuthenticationInfo. As I don't have access to any recently issued passport I am afraid that I can't help you with this.