NFCPassportReader: [German ID] Error reading DG3 tag. Reason: Security status not satisfied.

Reading tag - COM
Reading tag - SOD
Reading tag - DG1

are successful.

when reading DG3 tag, getting error:

Reading tag - DG3
Mask class byte and pad command header
	CmdHeader: <value>
Pad data
	Data: <value><value>
Encrypt data with KSenc
	EncryptedData: <value>
Build DO'87
	DO87: <value>
Concatenate CmdHeader and DO87
	M: <value>
		SSC: <value>
Compute MAC of M
	Increment SSC with 1
		SSC: <value>
	Concatenate SSC and M and add padding
		N: <value>
x0: <value>
y0: <value>
x1: <value>
y1: <value>
x2: <value>
y2: <value>
x3: <value>
y3: <value>
y: <value>
bkey: <value>
akey: <value>
b: <value>
a: <value>
	Compute MAC over N with KSmac
		CC: <value>
Build DO'8E
	DO8E: <value>
Construct and send protected APDU
	ProtectedAPDU: <value>
[SM] <NFCISO7816APDU: 0x283c67570>
Error reading tag: sw1 - 69, sw2 - 82 - reason: Security status not satisfied
2019-11-09 19:17:56.458315+0100 NFCPassportReaderApp[669:36407] [CoreNFC] 00000002 81c70900 -[NFCTagReaderSession setAlertMessage:]:92  (null)
ERROR - Security status not satisfied
Calculate the SHA-1 hash of MRZ_information
	Hsha1(MRZ_information): <value>
Take the most significant 16 bytes to form the Kseed
	Kseed: <value>
Calculate the Basic Acces Keys (Kenc and Kmac) using Appendix 5.1
Compute Encryption key (c: 00000001
	Concatenate Kseed and c
		D: <value>
	Calculate the SHA-1 hash of D
		Hsha1(D): <value>
	Form keys Ka and Kb
		Ka: <value>
		Kb: <value>
	Adjust parity bits
		Ka: <value>
		Kb: <value>
Compute MAC Computation key (c: 00000002
	Concatenate Kseed and c
		D: <value>
	Calculate the SHA-1 hash of D
		Hsha1(D): <value>
	Form keys Ka and Kb
		Ka: <value>
		Kb: <value>
	Adjust parity bits
		Ka: <value>
		Kb: <value>
DATA - [135, 254, 118, 14, 193, 128, 176, 231]
Request an 8 byte random number from the MRTD's chip
	RND.ICC: <value>
Generate an 8 byte random and a 16 byte random
	RND.IFD: <value>
	RND.Kifd: <value>
Concatenate RND.IFD, RND.ICC and Kifd
	S: <value>
Encrypt S with TDES key Kenc as calculated in Appendix 5.2
	Eifd: <value>
x0: <value>
y0: <value>
x1: <value>
y1: <value>
x2: <value>
y2: <value>
x3: <value>
y3: <value>
x4: <value>
y4: <value>
y: <value>
bkey: <value>
akey: <value>
b: <value>
a: <value>
Compute MAC over eifd with TDES key Kmac as calculated in-Appendix 5.2
	Mifd: <value>
Construct command data for MUTUAL AUTHENTICATE
	cmd_data: <value>
Error reading tag: sw1 - 6A, sw2 - 88 - reason: Referenced data not found
ERROR - The operation couldn’t be completed. (NFCPassportReader.TagError error 0.)
tagReaderSession:didInvalidateWithError - Error Domain=NFCError Code=200 "Session invalidated by user" UserInfo={NSLocalizedDescription=Session invalidated by user}

<value> replaces real values just to hide them in public.

Affected version: 1.0.0 ID country: Germany Running on Example app

Version 0.0.8 reads the same document with the same MRZ Key successfully.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (10 by maintainers)

Most upvoted comments

Thanks - looks like I’m not ha doing that as well as I thought. I’ll get a fix for that hopefully tomorrow.

+1
AndyQ on Nov 10, 2019
Read more comments on GitHub
← NFCPassportReader: Error identifying Active Authentication Hash Algorithm - Australian ePassport
NFCPassportReader: SM data objects incorrect / Wrong length →