JMRTD

Main | About | Install | Certificates | API

Certificates

A Country Signing Certificate (CSC) is needed to verify the authenticity of the Document Signing Certificate (DSC). Some countries have made their CSC publicly available. The list below contains those CSCs that we could find with Google. The list has links to government Web and LDAP servers where we found the certificates. (But please, don't trust us, go to your government's server and download the certificate yourself!)

A DCS is needed to verify the authenticity of the contents of the ePassport. Most ePassports we've seen include the DSC on the passport itself. If this is not the case for your country you may need to read the DSC from the ICAO PKD. Adam Laurie maintains a list of document signing certificates read from passports from different countries.

A Certificate Revocation List contains certificates which should no longer be used for document verification. Those countries publishing CSCs also publish Certificate Revocation Lists (CRLs). The ICAO PKD also contains CRLs.

fi.cer
Country:fi: Finland
Name:Finland Country CA
Valid:Jun 12 2006 - Sep 11 2016
Source:http://www.intermin.fi/intermin/hankkeet/biometria/home.nsf/webprint/C958723350320B69C22571CC0051A0F4?OpenDocument
de.cer
Country:de: Germany
Name:csca-germany
Valid:Aug 08 2005 - Feb 08 2019
Source:http://www.bsi.de/csca
fr.cer
Country:fr: France
Name:CSCA-FRANCE
Valid:Mar 31 2006 - Jun 30 2021
Source:http://www.interieur.gouv.fr/misill/sections/a_votre_service/vos_demarches/cni-passeport/autorite-certification-csca/view
ch.cer
Country:ch: Switzerland
Name:csca-switzerland-1
Valid:Jun 28 2006 - Aug 31 2017
Source:http://www.bit.admin.ch/adminpki/00247/00798/index.html?lang=de
at.cer
Country:at: Austria
Name:CSCA-AUSTRIA
Valid:Jun 08 2006 - Sep 12 2021
Source:http://www.bmi.gv.at/csca/startseite.asp
si.cer
Country:si: Slovenia
Name:CSCA-Slovenia
Valid:Jun 08 2006 - Jun 08 2021
Source:http://www.csca-si.gov.si/eindex.htm
cz.cer
Country:cz: Czech Republic
Name:CSCA_CZ
Valid:Jul 24 2006 - Oct 24 2021
Source:http://www.mvcr.cz/clanek/ceska-narodni-certifikacni-autorita.aspx
nl.cer
Country:nl: Netherlands
Name:CSCA NL
Valid:Aug 21 2006 - Aug 30 2014
Source:http://www.paspoortinformatie.nl/nederlands/Echtheidskenmerken/Model_2006/Echtheidskenmerken_model_2006/Chip/Download_certificaten
gr.cer
Country:gr: Greece
Name:CSCA-HELLAS
Valid:Aug 23 2006 - Nov 23 2016
Source:http://www.passport.gov.gr/index.php?option=com_content&task=view&id=34&Itemid=58
hu.cer
Country:hu: Hungary
Name:CSCA-HUNGARY
Valid:Aug 25 2006 - Nov 25 2019
Source:http://www.nyilvantarto.hu/kekkh/kozos/index.php?k=csca_tanusitvany_eng
es.cer
Country:es: Spain
Name:AC RAIZ PASAPORTE
Valid:Jul 20 2006 - Oct 20 2021
Source:ldap://ldap.dnie.es:389
mc.cer
Country:mc: Monaco
Name:CSCAPKI_MC2
Valid:Dec 02 2008 - Mar 04 2017
Source:http://www.police.gouv.mc/devwww/wwwnew.nsf/1909$/EE6842B6660F9D47C125756F002B93D3GB?OpenDocument&8GB

Other countries

Some other countries, while not offering their CSC certificate for download, do provide some information.

Philippe Teuwen did some research into which manufacturers provide technology for which countries.

Using the ICAO PKD files with OpenLDAP

The ICAO PKD currently provides dumps of the read-only PKD for download (for non-commercial personal use).

Importing these into OpenLDAP is easy:

A JNDI interface to such a PKD LDAP server is currently supported in the development version of JMRTD (in SVN).

Certificate validation with OpenSSL

If you wish to verify the signature of the CSC (in file csc.cer) on some DSC (in file dsc.cer), without relying on JMRTD, here's how to do it with OpenSSL:

   openssl x509 -in csc.cer -inform DER -out csc.pem
   openssl x509 -in dsc.cer -inform DER -out dsc.pem
   openssl verify -CAfile csc.pem dsc.pem


Get JMRTD: Machine Readable Travel Documents at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project Valid XHTML 1.1 Valid CSS!
© 2006 - 2010 the JMRTD team