The spec for machine readable travel documents is sadly not the most concise but if you're interested in the nitty-gritty details of how to validate documents, how to read data from them, etc then jump into ICAO 9303:
But please keep in mind that this is just the spec for how it's supposed to be implemented. Real world implementations of it have lots of creative interpretations of the spec in addition to straight bugs in their implementations, so if you're going to write software that has to work with various different documents issued by various governments, you'll have many fun debugging sessions :)
chatmasta · 5h ago
It seems every country that moves to electronic travel authorization has an app that requires me to verify my passport with this method. I have a fairly new passport, issued in the last few years, and a recent phone… and this process is a huge pain. I need to massage my passport with my phone for a minute, maybe I get a bite, hold it still… oops, start over… try again… okay, use our partner’s face ID recognition service instead… ugh it’s horrible.
I don’t know if the issue is the very low power chip in the passport, or some damage or what… but I dread the process any time I need to do it.
doublerabbit · 4h ago
It's just a future fantasy that isn't fit for our dystopian world. I'm still waiting for the fantasy of fixed potholes.
chatmasta · 4h ago
Honestly, it’s better than “take a photo of your passport and upload it to our unsecured S3 bucket.”
You need to enter the passport number and dates yourself though.
nemoniac · 5h ago
Here's a tidied up version of the Python code to generate the MRZ from the passport data. It also corrects a padding error.
https://pastebin.com/k0Tty22a
My Dutch driver's licence has a single MRZ-like line across the bottom. It seems to encode the country and licence number but I can't make any sense of the rest of the line. Anyone have any leads?
Farbklex · 4h ago
I haven't found the docs for the Dutch version but this article shows the content of the MRZ of a French drivers license. They seem to match the Dutch ones as well.
does not say anything about it passing digital checks
charcircuit · 1h ago
Why would they make such an important key be copyable?
lxgr · 49m ago
To be useful, that key needs to be present in countless border checkpoint or even police devices, so it's inherently very hard to keep secret.
That's a known trade-off, and I believe some countries accordingly restrict access to their own national authorities (which usually already have access to that data via other means, since they're issuing the document).
aneutron · 6h ago
Sounds fairly sensible to me
heavyset_go · 3h ago
If it's truly sensitive data, encrypting with a unique private key and locking that with a PIN a la FIDO via NFC would be a bit more secure.
One master key leak and everyone is walking around with IDs that give away sensitive data over RFID.
stavros · 9h ago
Hm, he doesn't say whether he managed to decrypt the passport with the missing checksum in the end, or whether the piercing doesn't matter because it's trivial to calculate the checksum from the rest of the info, or how long that would take. Did I miss it, or is that useful information omitted?
Yep, I saw that section, but thought that the next section was a continuation of it. Maybe you could say a few more things about it, like "since it was trivial to recreate the checksum, I managed to read my passport fine, and then wondered what it would take to guess the entire MRZ" as a segue.
SXX · 7h ago
I always wondered isn't this kind of specification also have digital signature of the passport issuer or something? Otherwise how do other countries can verify it's not a fake one?
I read this article, but seems like any information about it is kind a omited.
landgenoot · 6h ago
Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key. Otherwise you could spoof a passport by just replaying the government signed data.
Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.
Fun fact. The cryptographic system even differs per country.
E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead.
Some other countries are still using RSA iirc.
lxgr · 1h ago
> Yes. There is even an active function that allows you sign arbitrary bits to check if the passport actually contains the private key.
That's true for older passports, but there's actually a newer scheme that uses Diffie-Hellman key agreement instead, since non-repudiation, which is hard to avoid with RSA signatures, is considered a non-goal for passports. (Some governments apparently don't want them to be used as a "backdoor e-signing scheme", hence the change to the new repudiable authentication scheme.)
landgenoot · 15m ago
That makes sense. It has been almost a decade ago when I worked on this subject. Do you have examples of countries that do this?
Some countries (like Belgium) this _is_ a goal. They implemented a full PKI in their identity cards.
lxgr · 4m ago
Some countries indeed also implement an e-signature scheme with their national identity cards (for example Germany), but this is a completely different scheme and accordingly protocol from the ICAO biometric travel document one.
Essentially, these countries run two applications on the document chip: One that lets anyone verify the authenticity of the document, using the ICAO PKI and active or chip authentication, and one that lets the document owner sign data, usually after entering a PIN or password (or anybody holding the document could do so on their behalf).
Other countries decouple e-signatures/remote authentication and electronically verifiable identity documents, e.g. Austria – which now has an ICAO-compatible identity card, but a completely separate e-signature schme based on, and it really pains me to say this... server-side private keys.
SXX · 6h ago
Thanks for details.
Actual validation methods would be actually cool to read about. Since if we ignore legal diffuculties of storing the data then we can actually use passport cryptography as something like actual proof-of-human without pesky 3rd-parties.
lxgr · 1h ago
Not on many new passports. Non-repudiable signatures were intentionally defined as a non-goal, and signature functionality is no longer present on newer passports.
SXX · 43m ago
To proof-of-human and some UUID you only need valid signature on passport data.
lxgr · 6m ago
That only proves that a given human exists and was issued a given passport, not that that passport is actually present. For that you do need active or chip authentication, but only the former yields a signature that third parties can validate.
Even then, authorization is completely missing from the ICAO model – it's for authentication of identity documents only. It's explicitly not intended for "proof of humanity", since that requires authorization too, or it'd be vulnerable to any attacker that can briefly tap your identity document with their phone.
That's one of the reasons why active authentication was deprecated, presumably: Signatures without document owner authorization can be misleading/interpreted as confirming intent, not just document existence.
SXX · 13s ago
To be honest I was thinking more about it more as just measure for anti-spam and limiting bots, but obviously it will only work for certain audiences since in countries like UK like 20-25% of people simply dont hold the passport at all. I can guess in US a lot of people only have driver licenses too.
c22 · 3h ago
Is it just because the third parties that issue passports aren't pesky?
bluesign · 5h ago
but why would passport contain a private key ?
landgenoot · 2h ago
The public key information is signed by the government and readable.
This enables the passport to prove it's integrity by signing responses with its private key.
janmo · 6h ago
The passports contain a digital signature and a DSC (Document Signing Certificate). This DSC is signed by a CSCA certificate which you can download from the ICAO Public Key Directory. Link here: https://pkddownloadsg.icao.int/
criddell · 2h ago
Is any of this specific to Linux? It looks like it should work in Windows an macOS as well.
I've had several banking apps (and I believe one airline or hotel booking app as well) scan my ICAO passport as part of KYC, so this is definitely a thing.
Much preferred over the usual "send us a photo of your password as a means of authentication".
edent · 2h ago
I only have Linux (and Android) to test on. Please report back if it works on other OSes.
ape4 · 4h ago
Its odd that the dates aren't Y2K safe (hard to believe I am typing this in '25).
the_svd_doctor · 3h ago
Yes. In fact I just filled a UK ETA for my 1 year old daughter, and after taking a photo of the MRZ the application asked me to confirm if she was born in 1924 or 2024 :-)
frelp · 8h ago
I wonder if you could create a chip that could break the passport reader system. That could really disrupt things, so hopefully that’s not possible.
edent · 7h ago
The ICAO documents contain the complete specification. It is moderately complex and involves twiddling lots of bits. So I've no doubt that a passport reader somewhere isn't doing bounds checking properly.
But you could achieve much the same effect with a hammer.
giantg2 · 7h ago
But could a hammer deliver a malicious payload that could spread in the system? I'm not sure if you could do that with data on the chip, but maybe.
lxgr · 53m ago
Yes, but so could a sticker with a QR code containing some exploit that the optical passport reader scans.
I don't think it's a particularly different attack vector just because the chip is "active". Competent systems would treat all data received from it as potentially harmful until proven otherwise.
hypeatei · 8h ago
Burning a zero day like that in front of border / travel officers will probably land you in prison very quickly.
dopp0 · 3h ago
the world belongs to the braves
monai · 6h ago
You can transmit arbitrary data in certain steps of the passport reading process. The possibility of disruption depends on whether the reading system has bugs exploitable by the incoming data.
I've seen crashes in PKCS#11 drivers when reading cards with malformed data. So, the possibility, in theory, is always there.
dzhiurgis · 8h ago
Hol up. So what stops you from uploading custom photo + metadata onto random chip and planting it in a fake passport?
edent · 8h ago
The data are signed with the passport issuing authority's private key.
So you could implement a chip which reacts like an official passport. When the border guards see that the signature is invalid, you can explain how it's just a prank and you'll all have a jolly good laugh about it.
wkat4242 · 8h ago
I doubt border guards know what a cryptographic signature is. But they'll probably have a big red marker that tells them to hold you and get someone who knows :)
vbezhenar · 7h ago
Invalid signature probably will result from chip degradation or other electronic failures and I'm pretty sure that you won't be the first they see. Passport is supposed to be valid without any digital things, so they'll proceed with ordinary procedures, with manual entry of data from passport.
lxgr · 1h ago
> Invalid signature probably will result from chip degradation or other electronic failures
I'd consider that pretty unlikely. Degraded chips would most likely provide no signature, not an invalid one. (Being able to randomly flip bits would be a big security problem for these kinds of ICs, so I'd assume they'd have robust protections against that.)
Nextgrid · 7h ago
I remember reading an article or paper that checked the validity and spec compliance of various nations's passports, and found lots of variation, so a valid signature isn't actually a guarantee even in a legit passport.
23434dsf · 8h ago
So if I strolled through the airport with a high power NFC reader/writer, I could ruin a lot of peoples trips?
edent · 8h ago
No.
NFC chips can be locked. That means the data can't be overwritten. No matter the writer, nor its strength, you can't overwrite a passport's chip.
I suppose you could use an EMP - but that would ruin a lot more than just some trips.
crowbahr · 6h ago
In addition to the mechanisms people are describing here - passports have a metal mesh in them to disrupt NFC signals. It's not a full faraday cage but it works on similar principles. The passport has to be _open_ to be read from, and then only after you transmit the MRZ will you get anything.
raron · 5h ago
> passports have a metal mesh in them to disrupt NFC signals
I don't think that is universally true. At least I can read my closed 2 years old passport with my phone.
crowbahr · 4h ago
Hmm the American passports have the mesh afaik - I _thought_ it was part of the ICAO docs (not that that means people do it but still...)
crowbahr · 1h ago
Just tested on my American passport - it will not read while closed, either from the front or the back. Opening it up - no issues reading. Seems like there is in fact a faraday mesh or something
lukan · 8h ago
"The NFC chip in a passport is protected by a password. The password is printed on the inside of the physical passport. As well as needing to be physically close to the passport for NFC to work0, you also need to be able to see the password."
lxgr · 1h ago
Even that password only gives you read access.
I don't think ICAO passports can ever be rewritten post-issuance. Some national IDs can, e.g. to change the holder's residential address, but for passports, I don't think any part of the on-chip data can be changed post-issuance, since it would also require re-printing data on the photo page usually under protective plastic.
wkat4242 · 7h ago
Yes but. In Europe this tech is also in our id cards whether said passport is printed on the outside (considering it's just a credit card format). You still have to see it but it doesn't have to be opened to the right page like a passport.
Both sides even have the info printed. One side in human format, the owner side in machine readable.
lukan · 7h ago
Yes, but this still means a attacker needs to have physical access to the passport?
tialaramex · 7h ago
They need to know the information which functions as key. Because many people don't trust government secrets, the information used for this purpose on a passport is actually just facts about you which were already printed in your passport, plus the passport number. The machine summarises these in a "Machine readable zone" but they're nothing you didn't know.
For a random traveller you can probably guess roughly how old they are, which is a few bits for the date-of-birth, and maybe you could strike up conversation and discover their name (or maybe it's printed on baggage, called out by fellow travellers etc.) but yeah it'll be very hard
For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued.
lukan · 6h ago
"For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued."
From a very well known person you could probably also steal everything you need directly, if your purpose is to create damage.
wkat4242 · 6h ago
Kinda the same as with the NFC.
You can read from a small distance, probably further than you can read an NFC tag with your phone. And you can automate both on a phone (OCR and NFC)
daveoc64 · 8h ago
What makes you think you could do this?
remcob · 8h ago
Besides the data being signed as already mentioned, the protocol is interactive and custom to passport documents. So you can’t just put it on any programmable NFC tag. I also doubt you can buy programmable ones implementing the passport protocols. But maybe you can find general purpose programmable ones you can implement the protocol on.
There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.
lxgr · 1h ago
You can definitely run the protocol on a programmable smartcard (see for example https://jmrtd.org/), but without the required PKI certificates, nobody would accept your home-made passport.
crowbahr · 6h ago
Yeah but since the USA doesn't sign on to anything above basic auth (MRZ unlock) everyone also has to work on the more basic level. Kinda unfortunate.
SXX · 6h ago
Countries like UK actually have publicly database for e-visas (share code) that can easily be verified via online API. So probably at least some foreign governments can cross validate some of passport data with each other.
crowbahr · 6h ago
Countries all know each other's signing certs. There's a question of how much they _trust_ the other country but the certs are all public.
neoromantique · 8h ago
Considering how often it is done, not much?
victorbjorklund · 1h ago
It is not? Pretty much all cases of digitally valid "fake" passports are corruption where they were made by the govt the same way normal passports are made.
https://www.icao.int/publications/documents/9303_p10_cons_en...
https://www.icao.int/publications/documents/9303_p11_cons_en...
But please keep in mind that this is just the spec for how it's supposed to be implemented. Real world implementations of it have lots of creative interpretations of the spec in addition to straight bugs in their implementations, so if you're going to write software that has to work with various different documents issued by various governments, you'll have many fun debugging sessions :)
I don’t know if the issue is the very low power chip in the passport, or some damage or what… but I dread the process any time I need to do it.
You need to enter the passport number and dates yourself though.
https://trustdochub.com/en/mrz-strip-french-driving-licence/...
:-)
That's a known trade-off, and I believe some countries accordingly restrict access to their own national authorities (which usually already have access to that data via other means, since they're issuing the document).
One master key leak and everyone is walking around with IDs that give away sensitive data over RFID.
I read this article, but seems like any information about it is kind a omited.
Source: I have been working on a blockchain implementation in the past that was compatible with the cryptographic functions in an NFC passport. Basically using a standard NFC passport as a cold wallet.
Fun fact. The cryptographic system even differs per country.
E.g. the Dutch don't trust the NIST elliptic curves so use the brainpool curves instead. Some other countries are still using RSA iirc.
That's true for older passports, but there's actually a newer scheme that uses Diffie-Hellman key agreement instead, since non-repudiation, which is hard to avoid with RSA signatures, is considered a non-goal for passports. (Some governments apparently don't want them to be used as a "backdoor e-signing scheme", hence the change to the new repudiable authentication scheme.)
Some countries (like Belgium) this _is_ a goal. They implemented a full PKI in their identity cards.
Essentially, these countries run two applications on the document chip: One that lets anyone verify the authenticity of the document, using the ICAO PKI and active or chip authentication, and one that lets the document owner sign data, usually after entering a PIN or password (or anybody holding the document could do so on their behalf).
Other countries decouple e-signatures/remote authentication and electronically verifiable identity documents, e.g. Austria – which now has an ICAO-compatible identity card, but a completely separate e-signature schme based on, and it really pains me to say this... server-side private keys.
Actual validation methods would be actually cool to read about. Since if we ignore legal diffuculties of storing the data then we can actually use passport cryptography as something like actual proof-of-human without pesky 3rd-parties.
Even then, authorization is completely missing from the ICAO model – it's for authentication of identity documents only. It's explicitly not intended for "proof of humanity", since that requires authorization too, or it'd be vulnerable to any attacker that can briefly tap your identity document with their phone.
That's one of the reasons why active authentication was deprecated, presumably: Signatures without document owner authorization can be misleading/interpreted as confirming intent, not just document existence.
This enables the passport to prove it's integrity by signing responses with its private key.
Much preferred over the usual "send us a photo of your password as a means of authentication".
But you could achieve much the same effect with a hammer.
I don't think it's a particularly different attack vector just because the chip is "active". Competent systems would treat all data received from it as potentially harmful until proven otherwise.
I've seen crashes in PKCS#11 drivers when reading cards with malformed data. So, the possibility, in theory, is always there.
So you could implement a chip which reacts like an official passport. When the border guards see that the signature is invalid, you can explain how it's just a prank and you'll all have a jolly good laugh about it.
I'd consider that pretty unlikely. Degraded chips would most likely provide no signature, not an invalid one. (Being able to randomly flip bits would be a big security problem for these kinds of ICs, so I'd assume they'd have robust protections against that.)
NFC chips can be locked. That means the data can't be overwritten. No matter the writer, nor its strength, you can't overwrite a passport's chip.
I suppose you could use an EMP - but that would ruin a lot more than just some trips.
I don't think that is universally true. At least I can read my closed 2 years old passport with my phone.
I don't think ICAO passports can ever be rewritten post-issuance. Some national IDs can, e.g. to change the holder's residential address, but for passports, I don't think any part of the on-chip data can be changed post-issuance, since it would also require re-printing data on the photo page usually under protective plastic.
Both sides even have the info printed. One side in human format, the owner side in machine readable.
For a random traveller you can probably guess roughly how old they are, which is a few bits for the date-of-birth, and maybe you could strike up conversation and discover their name (or maybe it's printed on baggage, called out by fellow travellers etc.) but yeah it'll be very hard
For a very well known person you can likely discover everything except the passport number and you might get a decent guess at that from knowing roughly when it would be issued.
From a very well known person you could probably also steal everything you need directly, if your purpose is to create damage.
You can read from a small distance, probably further than you can read an NFC tag with your phone. And you can automate both on a phone (OCR and NFC)
There are also optional subprotocols that allow the chip to be authenticated (i.e. proof it knows a private key). These prevent copying valid signed data to a different chip.