JMRTD

A Free Implementation of Machine Readable Travel Documents

JMRTD is a free implementation of the Machine Readable Travel Document (MRTD) standards as specified by the International Civil Aviation Organization (ICAO). The electronic passport (or "ePassport"), which by now has been introduced in many countries, is an implementation of these standards.

Both a card side application (the "passport applet") and a host side API for accessing electronic passports are developed. The passport applet makes it possible to create your own passports (in case you're starting your own country). The applet is written in Java Card.

The host side API makes it possible to authenticate with a passport and read the information on the chip. The host side API is written in Java.

News

April 17, 2009:	Version 0.0.2 of applet released	Download
April 17, 2009:	Version 0.4.3 of host API released	Download
December 15, 2008:	Using your ePassport for online authentication	Read more

Downloads

The host API can be downloaded as an automatic installer (thanks to IzPack and JSmooth).

• The current version of the host API is 0.4.3 and can be downloaded as a Windows installer: jmrtd_installer.exe or as a platform independent JAR file: jmrtd_installer.jar.
• The current version of the applet is passportapplet-0.0.2.zip.

Alternatively, you could check out the SVN repository (we're using the Subclipse plugin for Eclipse) Note that the host API currently requires JDK 1.6.

Documentation

Available documentation:

• License (it's LGPL)
• Installation instructions
• API docs of the host API

Specifications

Most of the specifications are open (as in: can be purchased). Here's our list.

• The ICAO specs consist of two technical reports:
  • ICAO TR LDS - v1.7: Description of the data structure format.
  • ICAO TR PKI - v1.1: Description of the security mechanisms Basic Access Control (BAC), Passive Authentication (PA), and Active Authentication (AA).
• The MRZ (EF.DG1) is specified in ICAO Doc 9303:
  • ICAO 9303 part 1 volume 1
  • ICAO 9303 part 1 volume 2
  • ICAO 9303 part 3
• Biometric data (EF.DG2 - EF.DG4):
  • NISTIR6529A: Specification of the CBEFF format.
  • ISO/IEC 7816-11: Specification of storage format for biometric templates.
  • ISO/IEC 19794-5: Biometric Data Interchange Formats - Part 5: Face Image Data: Specification of Face image.
• EAC (EF.DG14, EF.CVCA):
  • BSI TR-03110_v111: Description of the security mechanism Extended Access Control (EAC).
  • BSI TR-03110_v200: Latest version of EAC specification.
• Specs dealing with crypto (EF.SOd):
  • RFC 3369: Cryptographic Message Syntax: Specification of the data-structure used in the security object (PA).
  • ISO/IEC 9796-2:2002 Digital signature schemes giving message recovery: Specification of the padding used in BAC secure messaging and of the AA cryptogram.

Certificates

We have a list of country signing certificates that Google found.

External Links

• Our project page on SourceForge.net.
• Similar projects (in alphabetical order):
  • cmrtd is a sibling project of JMRTD written in C.
  • The eCl0wn tool by Jeroen van Beek can read ePassports and runs on Nokia NFC handsets. (The tool also personalizes the THC applet, see below.)
  • The Golden Reader Tool (GRT) by BSI.
  • The ISO18013 Electronic Driving License implementation by Wojciech Mostowski (apparently together with RDW and Collis) is partially based on JMRTD code. Wojciech also has an eID JavaCard applet which shares some low level code with this project.
  • JMRTD is the obligatory recursive link.
  • JSmex is a smart card explorer which supports MRTDs.
  • The OpenMRTD.org project by Harald Welte.
  • The pyPassport and ePassport Viewer are Python based tools for reading and displaying ePassports by Jean-François Houzard and Olivier Roger of UC Louvain.
  • The RFIDIOt project by Adam Laurie.
  • THC-ePassport by THC/vonJeek/Jeroen van Beek is the JavaCard applet used in the August 2008 Times articles.
  • wzPass is Windows software for reading ePassports by Johann Dantant.
• General information:
  • ICAO site and ICAO/MRTD site.
  • Wikipedia entries on Biometric passport, ePassport, and MRTD.
  • Paspoort informatie (in Dutch) by the Dutch government.
• Opinions and/or blogs on the ePassport by other people:
  • E-passports without the big picture: Jaap-Henk Hoepman and Bart Jacobs on ePassports, identity management, and privacy.
  • MRTD Analysis.org: Lukas Grunwald's site
  • The ePassport cloning myth never dies: A blog entry on ePassport "hacks" by ZDNet's George Ou.
  • Bio Paspoort.blogspot.com: An anonymous blog (in Dutch) about the passport
  • The practical nomad: Edward Hasbrouck's blog.
  • Beveiliging elektronisch paspoort: FAQ (in Dutch) by the System & Network Engineering group at UvA about the August 2008 articles in The Times.
  • On Exploiting ePassport Vulnerabilities: by Rowland Watkins also looks at PKD vulnerabilities.
  • Passport cloning in perspective: Cees-Bart Breunesse of Riscure on ePassport cloning.