Validating fraudulent documents
When an ePassport is issued, the CSCA private key digitally signs the DS Certificate.
Figure 1: The chain of trust
A digital signature on an ePassport is derived from the issuing State’s security certificates, each of which contains the public key that can be used to verify its authenticity: the Country Signing Certification Authority (CSCA) Certificate and the Document Signer Certificate (DSC).
Together, the signature and certificates form a trust chain wherein one end is securely anchored in the authority of the issuing State and the other end is securely stored in the chip of the ePassport as the Document Security Object.
This asymmetric encryption method is used to create the digital signature found in ePassports.
Before explaining the basic requirements for conducting ePassport validation, the page on Basics of ePassport Cryptography provides information on how ePassports are digitally signed. This section provides important foundational information that is necessary for understanding the steps for validating ePassports.
For ePassports, the purpose of encrypting the information is not to keep it secret. After all, the information can be easily read on the data page of the ePassport. The key used to encrypt the data is kept extremely secure and is known as the “private key”. The other key, called the “public key”, is widely distributed and can be used to decrypt the data.
The Document Signer must be validated against the CSCA in order to validate the digital signature and complete the whole chain of trust regarding the signatures.
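
The chain of trust described above, walked from the trusted CSCA public key down to the chip data, as an added example that is not part of the original page. It is a simplified model with assumptions: textbook RSA without padding on constructed keys, a "certificate" that is only a signed public key, and a Document Security Object reduced to signed hashes of the chip data (real ePassports use X.509 certificates and a CMS structure); all names and sample data are hypothetical.

```python
import hashlib

# Textbook RSA on constructed Mersenne-prime keys: illustration only, not secure.
def make_key(p, q, e=65537):
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def sod_bytes(hashes):
    return repr(sorted(hashes.items())).encode()

def issue(csca, dsc, data_groups):
    # CSCA private key signs the DS certificate (modelled as the DSC public key).
    cert = {"pub": dsc["pub"], "sig": sign(csca["priv"], repr(dsc["pub"]).encode())}
    # DSC private key signs the Document Security Object (hashes of chip data).
    hashes = {k: hashlib.sha256(v).hexdigest() for k, v in data_groups.items()}
    sod = {"hashes": hashes, "sig": sign(dsc["priv"], sod_bytes(hashes))}
    return {"data_groups": dict(data_groups), "sod": sod, "dsc_cert": cert}

def validate(doc, trusted_csca_pub):
    cert, sod = doc["dsc_cert"], doc["sod"]
    if not verify(trusted_csca_pub, repr(cert["pub"]).encode(), cert["sig"]):
        return "DSC not signed by trusted CSCA"
    if not verify(cert["pub"], sod_bytes(sod["hashes"]), sod["sig"]):
        return "SOD signature invalid"
    for name, value in doc["data_groups"].items():
        if sod["hashes"].get(name) != hashlib.sha256(value).hexdigest():
            return name + " does not match SOD"
    return "valid"

CSCA = make_key(2**107 - 1, 2**127 - 1)   # constructed issuing-State key
DSC = make_key(2**61 - 1, 2**89 - 1)      # constructed document signer key
ROGUE = make_key(2**31 - 1, 2**61 - 1)    # constructed key the verifier does not trust
GENUINE = issue(CSCA, DSC, {"DG1": b"P<UTOERIKSSON<<ANNA<MARIA", "DG2": b"face-image"})

if __name__ == "__main__":
    print(validate(GENUINE, CSCA["pub"]))
    print(validate(issue(ROGUE, DSC, GENUINE["data_groups"]), CSCA["pub"]))
```

Each check depends on the one before it: a Document Security Object signature that verifies proves nothing until the Document Signer's own key has been verified against a CSCA key the inspecting system already trusts.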