Highlights:
- NO specs whatsoever in TD-ID1-Chip-App v0.8, except a slight hint:
-
id-PACE-Nist-P256 AES-CBC-CMAC-256"To exchange APDU in Contactless with PKI application in a secure channel. No applicative privileges are granted" on page 12 in "IFD (Interface Device)" section. - Incorrect claim on page 14 regarding EF.CardAccess:
PACEDomainParameterInfo: BRAINPOOL_P384_R1 (BrainpoolP384r1)- actual curve used is secp256r1
-
- ISO 14443-A with random 4 byte UID
- PACE with
id-PACE-ECDH-GM-AES-CBC-CMAC-256with CAN (6 digit number printed on card)- TR 03110-3 defines it: https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html
- All PKI doable over NFC after CAN authentication with PACE
- 6 digit number on the lower front right corner. printed with OCR-B font
- Not possible to change!
-
VALEDAATOR WILL BE BACK
- check balance and top up public transport cards
- read data from eID card
- Java SDK for working with eID cards
- Android
- (NFC cards only) https://mrtn.ee/vids/2019-02-21-valedaator2.mp4
- Desktop:
- PC/SC (contact and contactless) https://mrtn.ee/vids/2019-01-22-nfcid.mp4
- ping [email protected] for more information about the SDK
- Android
Leaving the card on a powered NFC reader for overnight can have disastrous consequences. This is how the ATR of the card looks like on the contact interface:
[*] [ ] ACS ACR 38U-CCID 01 00
3B0FD8D8D8D8D8D8D8D8D8D8D8D8D8D8D8
versus a working card:
[*] [ ] ACS ACR 38U-CCID 01 00
3BDB960080B1FE451F830012233F536549440F9000F1
In other words - the card is fried/bricked/useless. If leaving in the powered RF field is to blame, is unverified (would mean trying to brick another card).