I scan my passport with smartscanner and the UI showed check marks in the Authentication section. But the debug logs showed failure to verify the Data Group hashes:
W/PassportNFC: Skipping DG1 during HT verification because file could not be read.
W/PassportNFC: Skipping DG2 during HT verification because file could not be read.
W/PassportNFC: Skipping DG11 during HT verification because file could not be read.
W/PassportNFC: Skipping DG12 during HT verification because file could not be read.
W/PassportNFC: Skipping DG15 during HT verification because file could not be read.
Expected Behaviour
The above lines should not appear in the logcat debug messages.
When the above lines does not appear in the logcat debug messages, it means that the Data Group hashes got read successfully and its values re-computed and match. This is important because the correct values of these hashes is a check against content tampering.
Steps to Reproduce the Problem
Use smartscanner-core to scan a passport
Notice that under Authentication section claims passport is valid despite the Data Group hashes are not verified.
Context
The Data Group hashes are hashes of the passport content and is what the Document Signer certificate is certifying. This document signer certificate is further anchored to the country signing certificate present in the csca file.
Current Behaviour
I scan my passport with smartscanner and the UI showed check marks in the Authentication section. But the debug logs showed failure to verify the Data Group hashes:
Expected Behaviour
The above lines should not appear in the logcat debug messages.
When the above lines does not appear in the logcat debug messages, it means that the Data Group hashes got read successfully and its values re-computed and match. This is important because the correct values of these hashes is a check against content tampering.
Steps to Reproduce the Problem
Context
The Data Group hashes are hashes of the passport content and is what the Document Signer certificate is certifying. This document signer certificate is further anchored to the country signing certificate present in the csca file.
This issue has dependency of another issue https://github.com/idpass/smartscanner-core/issues/48