Class EACTAProtocol


  • public class EACTAProtocol
    extends Object
    The EAC Terminal Authentication protocol.
    Since:
    0.5.6
    Version:
    $Revision: 1802 $
    Author:
    The JMRTD team
    • Constructor Detail

      • EACTAProtocol

        public EACTAProtocol(APDULevelEACTACapable service,
                             SecureMessagingWrapper wrapper)
        Creates a protocol instance.
        Parameters:
        service - the card service for APDU communication
        wrapper - the secure messaging wrapper
    • Method Detail

      • doEACTA

        public EACTAResult doEACTA(CVCPrincipal caReference,
                                   List<CardVerifiableCertificate> terminalCertificates,
                                   PrivateKey terminalKey,
                                   String taAlg,
                                   EACCAResult chipAuthenticationResult,
                                   String documentNumber)
                            throws net.sf.scuba.smartcards.CardServiceException
        Perform the EAC-TA (Terminal Authentication) part of EAC (version 1). For details see TR-03110 ver. 1.11. In short, we feed the sequence of terminal certificates to the card for verification, get a challenge from the card, sign it with the terminal private key, and send the signature back to the card for verification.
        Parameters:
        caReference - a reference to the issuer
        terminalCertificates - the terminal certificate chain
        terminalKey - the terminal private key
        taAlg - the algorithm
        chipAuthenticationResult - the chip authentication result
        documentNumber - the document number from which the chip key hash will be derived
        Returns:
        the Terminal Authentication result
        Throws:
        net.sf.scuba.smartcards.CardServiceException - on error
      • doTA

        public EACTAResult doTA(CVCPrincipal caReference,
                                List<CardVerifiableCertificate> terminalCertificates,
                                PrivateKey terminalKey,
                                String taAlg,
                                EACCAResult chipAuthenticationResult,
                                PACEResult paceResult)
                         throws net.sf.scuba.smartcards.CardServiceException
        Perform the TA (Terminal Authentication) part of EAC (version 1). For details see TR-03110 ver. 1.11. In short, we feed the sequence of terminal certificates to the card for verification, get a challenge from the card, sign it with the terminal private key, and send the signature back to the card for verification.
        Parameters:
        caReference - a reference to the issuer
        terminalCertificates - terminal certificate chain
        terminalKey - terminal private key
        taAlg - the algorithm
        chipAuthenticationResult - the chip authentication result
        paceResult - the PACE result from which the chip key hash will be derived
        Returns:
        the Terminal Authentication result
        Throws:
        net.sf.scuba.smartcards.CardServiceException - on error
      • doTA

        public EACTAResult doTA(CVCPrincipal caReference,
                                List<CardVerifiableCertificate> terminalCertificates,
                                PrivateKey terminalKey,
                                String taAlg,
                                EACCAResult chipAuthenticationResult,
                                byte[] idPICC)
                         throws net.sf.scuba.smartcards.CardServiceException
        Executes the Terminal Authentication protocol.
        Parameters:
        caReference - the certificate authority
        terminalCertificates - the chain of certificates to send
        terminalKey - the inspection system's private key
        taAlg - the algorithm
        chipAuthenticationResult - the result of the Chip Authentication protocol execution
        idPICC - the chip identifier
        Returns:
        the result of Terminal Authentication
        Throws:
        net.sf.scuba.smartcards.CardServiceException - on error
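
The challenge-response step described for doEACTA and doTA above, simulated with plain JDK classes as an added example (not JMRTD code, and it calls no JMRTD API). It assumes ECDSA with SHA-256 on secp256r1 and signed data of the form ID_PICC || r_PICC || Comp(ephemeral public key), as TR-03110 specifies for Terminal Authentication; the class name, method names and sample identifier are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
public class TaChallengeResponseDemo {
  // Data to be signed: ID_PICC || r_PICC || Comp(terminal's ephemeral Chip Authentication key).
  static byte[] dataToSign(byte[] idPICC, byte[] rPICC, byte[] compEphemeralKey) {
    return ByteBuffer.allocate(idPICC.length + rPICC.length + compEphemeralKey.length)
        .put(idPICC).put(rPICC).put(compEphemeralKey).array();
  }
  // Comp() of an EC public key: the x-coordinate, fixed to the field length.
  static byte[] comp(ECPublicKey key) {
    int len = (key.getParams().getCurve().getField().getFieldSize() + 7) / 8;
    byte[] x = key.getW().getAffineX().toByteArray(); // may carry a sign byte or lack leading zeros
    byte[] out = new byte[len];
    int n = Math.min(x.length, len);
    System.arraycopy(x, x.length - n, out, len - n, n);
    return out;
  }

  // Chip side: verify the terminal's signature over the data the chip assembles itself.
  static boolean chipVerifies(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
    Signature verifier = Signature.getInstance("SHA256withECDSA");
    verifier.initVerify(key);
    verifier.update(data);
    return verifier.verify(sig);
  }

  public static void main(String[] args) throws GeneralSecurityException {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
    kpg.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair terminal = kpg.generateKeyPair();  // stand-in for the key in the terminal certificate
    KeyPair ephemeral = kpg.generateKeyPair(); // stand-in for the Chip Authentication ephemeral key
    byte[] idPICC = "L898902C<3".getBytes(StandardCharsets.US_ASCII); // constructed sample identifier
    byte[] pkComp = comp((ECPublicKey) ephemeral.getPublic());
    SecureRandom random = new SecureRandom();
    byte[] rPICC = new byte[8], nextChallenge = new byte[8];
    random.nextBytes(rPICC);         // challenge issued by the chip in this session
    random.nextBytes(nextChallenge); // challenge the chip would issue in a later session
    // Terminal side. JCA returns a DER-encoded ECDSA signature; re-encoding for the card is omitted.
    Signature signer = Signature.getInstance("SHA256withECDSA");
    signer.initSign(terminal.getPrivate());
    signer.update(dataToSign(idPICC, rPICC, pkComp));
    byte[] signature = signer.sign();
    System.out.println("same session: " + chipVerifies(terminal.getPublic(), dataToSign(idPICC, rPICC, pkComp), signature));
    System.out.println("replayed:     " + chipVerifies(terminal.getPublic(), dataToSign(idPICC, nextChallenge, pkComp), signature));
  }
}
```

The second check fails because the signature is bound to the first challenge, so a captured response is of no use in a later session.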