  1. EJBCA
  2. ECA-3415

CVC access control template for additional DGs

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.1.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently the EAC 1.11 (Tech_docs/Standarder/Passport/EAC 1.11.pdf) specification, as implemented in cert-cvc.jar, protects DG3 and DG4 for extended access control.

      The access is encoded in the certificate as an AuthorizationField that specifies Role and access rights.
      In the current version of cert-cvc it is only possible to specify the enums DG3, DG4, or DG3 and DG4 (AccessRightEnum).

      EAC 2.10 (Tech_docs/Standarder/Passport/TR-03110_v2.1*.pdf) specifies additional DGs that can "optionally" be protected. There is some sort of byte field determining the access control bits.

      • Extend cert-cvc to be able to encode access control bits for the extra DGs
      • Extend the EJBCA Certificate Profiles in Admin GUI to handle extra DGs.

      Hopefully this field is compatible between EAC 1.11 and 2.10, since we still need to create 1.11 CVC certificates for EAC ePassports.

      There are some sample EAC 2.10 certificates available in Tech_docs/Standarder/Passport/BSI_EAC-2.1-Worked-Example.zip.
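
      The following is an added example, not part of the ticket and not cert-cvc code: a strict decoder for the one-byte EAC 1.11 authorization value that carries the Role and the DG3/DG4 rights described above. The bit positions are taken from the EAC 1.11 inspection-system layout as an assumption (the ticket does not list them), and the class and method names are hypothetical. It rejects values with reserved bits set or with a length other than one byte, which is where encodings for additional DGs would stop being 1.11-compatible.

```java
import java.util.ArrayList;
import java.util.List;

/** Decodes the one-byte EAC 1.11 authorization value (hypothetical helper, not cert-cvc API). */
class Eac111Authorization {
    // Assumed layout per EAC 1.11: role in bits 7-6, bits 5-2 reserved, DG4 in bit 1, DG3 in bit 0.
    static final int ROLE_MASK = 0xC0;
    static final int RFU_MASK  = 0x3C; // reserved for future use, must be zero in 1.11
    static final int READ_DG4  = 0x02;
    static final int READ_DG3  = 0x01;

    static String role(int b) {
        switch (b & ROLE_MASK) {
            case 0xC0: return "CVCA";
            case 0x80: return "DV (domestic)";
            case 0x40: return "DV (foreign)";
            default:   return "IS";
        }
    }

    static List<String> rights(int b) {
        List<String> r = new ArrayList<>();
        if ((b & READ_DG3) != 0) r.add("DG3");
        if ((b & READ_DG4) != 0) r.add("DG4");
        return r;
    }

    /** Strict parse: exactly one byte and all reserved bits zero, otherwise reject. */
    static String describe(byte[] field) {
        if (field == null || field.length != 1) {
            throw new IllegalArgumentException("EAC 1.11 authorization must be exactly 1 byte");
        }
        int b = field[0] & 0xFF;
        if ((b & RFU_MASK) != 0) {
            throw new IllegalArgumentException(String.format("reserved bits set: 0x%02X", b & RFU_MASK));
        }
        return role(b) + " read=" + rights(b);
    }

    public static void main(String[] args) {
        // Constructed sample values: CVCA with DG3+DG4, DV with no rights, IS with DG3,
        // a value with a reserved bit set, and a two-byte field.
        byte[][] samples = { {(byte) 0xC3}, {(byte) 0x80}, {0x01}, {0x13}, {0x00, 0x03} };
        for (byte[] s : samples) {
            try { System.out.println(describe(s)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```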

            People

            • Assignee:
              samuel Samuel Lidén Borell
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Mike Agrenius Kushner, Tomas Gustavsson