AndroidPassportReader icon indicating copy to clipboard operation
AndroidPassportReader copied to clipboard

Published 20 hours ago verified publisher icon jllarraz

Active Auth Failed due to exception

Open zekierciyas opened this issue 3 years ago • 7 comments

DEBUG: this exception wasn't caught in verification logic (< 0.4.8) -- MO 3. Type is

How can i make active auth?

zekierciyas avatar May 06 '21 10:05 zekierciyas

Have you managed to fix this? I always get the exception "signer initialised with wrong digest for trailer 13516"

OscarBerggren avatar Sep 23 '21 12:09 OscarBerggren

I haven't fixed it yet.

El jue, 23 sept 2021 a las 13:17, OscarBerggren @.***>) escribió:

Have you managed to fix this? I always get the exception "signer initialised with wrong digest for trailer 13516"

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jllarraz/AndroidPassportReader/issues/35#issuecomment-925756518, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABFQ576PE6OZYR7VFSBLLHLUDMLGFANCNFSM44GYX5ZA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

jllarraz avatar Sep 23 '21 12:09 jllarraz

I´m just a little confused by what this comment means: "check that digestAlgorithm = "SHA1" in this case, check (and re-initialize) rsaAASignature (and rsaAACipher)."

What would we be "checking" in this case?

And even if I reinitialize the values like this

     if (digestAlgorithm == "SHA1") {
                rsaAASignature = Signature.getInstance("SHA1WithRSA/ISO9796-2", BC_PROVIDER)
                rsaAACipher = Cipher.getInstance("RSA/NONE/NoPadding")

                rsaAASignature = Signature.getInstance(signatureAlgorithm, BC_PROVIDER)
                rsaAACipher.init(Cipher.DECRYPT_MODE, rsaPublicKey)
                rsaAASignature!!.initVerify(rsaPublicKey)
            }
            
            It´s wrong. Am I on the right track?

OscarBerggren avatar Sep 23 '21 13:09 OscarBerggren

As far as I know the new passports from 2016 or 2018 have a different way of doing it. I didn't have the chance to review the new documentation. But I think that you can get it on Icao website

Otherwise I think that you are in the right track.

El jue., 23 sept. 2021 14:03, OscarBerggren @.***> escribió:

I´m just a little confused by what this comment means: "check that digestAlgorithm = "SHA1" in this case, check (and re-initialize) rsaAASignature (and rsaAACipher)."

What would we be "checking" in this case?

And even if I reinitialize the values like this

 if (digestAlgorithm == "SHA1") {

            rsaAASignature = Signature.getInstance("SHA1WithRSA/ISO9796-2", BC_PROVIDER)

            rsaAACipher = Cipher.getInstance("RSA/NONE/NoPadding")



            rsaAASignature = Signature.getInstance(signatureAlgorithm, BC_PROVIDER)

            rsaAACipher.init(Cipher.DECRYPT_MODE, rsaPublicKey)

            rsaAASignature!!.initVerify(rsaPublicKey)

        }



        It´s wrong. Am I on the right track?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/jllarraz/AndroidPassportReader/issues/35#issuecomment-925796972, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABFQ5753JIQAWMLRC4G3QODUDMQT3ANCNFSM44GYX5ZA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

jllarraz avatar Sep 23 '21 18:09 jllarraz

Have you managed to fix this? I always get the exception "signer initialised with wrong digest for trailer 13516"

Is there any new development about this error ? I have same error

evrenay avatar May 17 '22 07:05 evrenay

Hi,

I am afraid that no. I just don't have the time right now to look into that issue.

Best regards

El mar, 17 may 2022 8:49, evrenay @.***> escribió:

Have you managed to fix this? I always get the exception "signer initialised with wrong digest for trailer 13516"

is there any new development ?

— Reply to this email directly, view it on GitHub https://github.com/jllarraz/AndroidPassportReader/issues/35#issuecomment-1128532488, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABFQ577JMLRBSSV6RS5HNG3VKNFSBANCNFSM44GYX5ZA . You are receiving this because you commented.Message ID: @.***>

jllarraz avatar May 17 '22 08:05 jllarraz

Hi, I couldn't solve this error for 1 week. Do you have any suggestions to solve it?

evrenay avatar May 17 '22 08:05 evrenay

hi guys, any solution about this error? some card field "activeAuthentication": false (func verifyAA()) @jllarraz @evrenay @zekierciyas @OscarBerggren

thank SO much!

MrLongg71 avatar Dec 13 '22 04:12 MrLongg71

I will be nice and tell what probably goes wrong.

In the plaintext variable is a 1 or 2 byte trailer (like you can also see in Util.recoverMessage). Based on that trailer the signature is SHA1, SHA224, SHA256, SHA384 or SHA512. (Refer to ICAO 9303 part 11 - 6.1.2.2 RSA)

Most likely the document you scanned did not SHA1 its RSA AA, but used one of the other digests. The trailer tells you which was used.

I will also refer you to https://github.com/AndyQ/NFCPassportReader/blob/main/Sources/NFCPassportReader/NFCPassportModel.swift#L304 for an implementation in swift, which handles this.

rbrouwer avatar Feb 27 '23 21:02 rbrouwer