  1. EJBCA
  2. ECA-3415

CVC access control template for additional DGs

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.1.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently the EAC 1.11 (Tech_docs/Standarder/Passport/EAC 1.11.pdf) specification, as implemented in cert-cvc.jar, protects DG3 and DG4 for extended access control.

      The access is encoded in the certificate as an AuthorizationField that specifies Role and access rights.
      In the current version of cert-cvc it is only possible to specify the enums DG3, DG4, or DG3 and DG4 (AccessRightEnum).

      EAC 2.10 (Tech_docs/Standarder/Passport/TR-03110_v2.1*.pdf) specifies additional DGs that can "optionally" be protected. There is some sort of byte field determining the access control bits.

      • Extend cert-cvc to be able to encode access control bits for the extra DGs
      • Extend the EJBCA Certificate Profiles in Admin GUI to handle extra DGs.

      Hopefully this field is compatible between EAC 1.11 and 2.10, since we still need to create 1.11 CVC certificates for EAC ePassports.

      There are some sample EAC 2.10 certificates available in Tech_docs/Standarder/Passport/BSI_EAC-2.1-Worked-Example.zip.
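
The authorization encoding discussed in this issue can be inspected with a small decoder. This is an added example, not code from cert-cvc or EJBCA: the function name is hypothetical, the sample bytes are constructed, and the bit positions for the one-byte inspection-system template and the five-byte authentication-terminal template are assumptions taken from BSI TR-03110 that should be checked against the specification.

```python
# Added example, not cert-cvc code. Bit positions below are assumptions taken
# from BSI TR-03110 and must be checked against the specification.

# The two most significant bits of the field carry the certificate holder role.
ROLES = {0b11: "CVCA", 0b10: "DV (domestic)", 0b01: "DV (foreign)", 0b00: "Terminal"}


def decode_authorization(field: bytes) -> dict:
    """Decode the role and DG access bits of a CVC authorization field."""
    if len(field) == 1:
        template = "IS"   # inspection system (ePassport) template
    elif len(field) == 5:
        template = "AT"   # authentication terminal template
    else:
        raise ValueError(f"unsupported authorization length: {len(field)}")

    value = int.from_bytes(field, "big")
    role = ROLES[value >> (len(field) * 8 - 2)]

    if template == "IS":
        # bit 0 = read DG3, bit 1 = read DG4, bits 5..2 reserved
        read = [dg for dg, bit in ((3, 0), (4, 1)) if (value >> bit) & 1]
        write = []
        reserved = (value >> 2) & 0x0F
    else:
        # bits 8..28 = read DG1..DG21, bits 37..33 = write DG17..DG21,
        # bits 32..29 reserved
        read = [dg for dg in range(1, 22) if (value >> (dg + 7)) & 1]
        write = [dg for dg in range(17, 22) if (value >> (54 - dg)) & 1]
        reserved = (value >> 29) & 0x0F

    return {
        "template": template,
        "role": role,
        "read": read,
        "write": write,
        # A profile validator should reject fields with reserved bits set.
        "reserved_bits_set": reserved != 0,
    }


if __name__ == "__main__":
    # Constructed sample values, hex encoded.
    for sample in ("03", "c3", "07", "2000000500"):
        print(sample, decode_authorization(bytes.fromhex(sample)))
```
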

            People

            Assignee:
            samuel Samuel Lidén Borell
            Reporter:
            tomas Tomas Gustavsson
            Verified by:
            Mike Agrenius Kushner, Tomas Gustavsson