ASN.1 structures specificities for ICAO¶

ICAO and eIDAS specify complex ASN.1 structures, or simply DER encoded data in Logical Data Structure. We define here JSON output format (with attributes name, type and content) for each file or structure.

Note

If a field is optional and missing in a structure defined in ICAO specifications, JSON corresponding key is absent.

Note

Output of some structures (for example SignedData in EF.SOD file) are simplified or modified compared to their definition.

Following files are parsed and returned in JSON format:

DG 1
DG 2
DG 3
DG 4
DG 5
DG 7
DG 11
DG 12
DG 14
DG 15
DG 16
EF.SOD
EF.COM
EF.CardSecurity
EF.CardAccess

ASN.1 structures¶

ASN.1 structures, when they are clearly defined in ICAO or eIDAS specifications, are returned in JSON according to ASN.1 and JSON conversion rules.

For instance, a PACEInfo could be, in JSON:

{
        protocol: "0.4.0.127.0.7.2.2.4.2.4",
        version: 2,
        parameterId: 16
}

Some ASN.1 structures defined in ICAO specifications are returned in JSON with some specificities. They are described in the following paragraphs.

Security Info¶

Following SecurityInfo types are returned in JSON format:

PACEInfo
PACEDomainParameterInfo
ActiveAuthenticationInfo
ChipAuthenticationInfo
ChipAuthenticationPublicKeyInfo
ChipAuthenticationDomainParameterInfo
TerminalAuthenticationInfo

They could be present in files as EF.CardAccess, EF.CardSecurity, DG 14 and so on.

Other SecurityInfo types are defined and returned as follows:

Field	ASN.1 type
`protocol`	`OBJECT IDENTIFIER`
`requiredData`	`ANY`
`optionalData`	`ANY`

Algorithm Identifier¶

Algorithm identifier ASN.1 structure is considered as follows:

Field	ASN.1 type
`algorithm`	`OBJECT IDENTIFIER`
`parameters`	`ANY`

Subject Public Key Info¶

Subject public key info ASN.1 structure is considered as follows:

Field	ASN.1 type
`algorithm`	`AlgorithmIdentifier` (see Algorithm Identifier)

Data Group Hash¶

Data Group Hash ASN.1 structure is considered as follows:

Field	ASN.1 type
`dataGroupNumber`	`INTEGER`
`dataGroupHashValue`	`OCTET STRING`

LDS Version Info¶

LDS Version Info ASN.1 structure is considered as follows:

Field	ASN.1 type
`ldsVersion`	`STRING`
`unicodeVersion`	`STRING`

LDS Security Object¶

LDS Security Object ASN.1 structure is considered as follows:

Field	ASN.1 type
`version`	`INTEGER`
`hashAlgorithm`	`AlgorithmIdentifier` (see Algorithm Identifier)
`dataGroupHashValues`	`SET of DataGroupHash` (see Data Group Hash)
`ldsVersionInfo`	`LDSVersionInfo` (see LDS Version Info)

Encapsulated Content Info¶

Encapsulated Content Info ASN.1 structure is considered as follows:

Field	ASN.1 type
`eContentType`	`OBJECT IDENTIFIER`
`eContent`	`LDSSecurityObject` (see LDS Security Object) for EF.SOD file, `SecurityInfos` for EF.CardSecurity file.

Note

EncapsulatedContentInfo is completely parsed according to context, and is not returned as an ASN.1 OCTET STRING.

Signed Data¶

Signed data ASN.1 structure is considered as follows:

Field	ASN.1 type
`version`	`INTEGER`
`digestAlgorithms`	`SET of AlgorithmIdentifier` (see Algorithm Identifier)
`encapContentInfo`	`EncapsulatedContentInfo` (see Encapsulated Content Info)
`certificates`	`SET of ANY`
`crls`	`SET of ANY`
`signerInfos`	`SET of ANY`

ICAO files structure¶

ICAO files JSON format is described here.

EF.COM¶

EF.COM output JSON data is an object defined by:

Field		Description	Type
`ldsVersionNumber`		LDS version number	Object (see below)
	`version`	version of the LDS	Integer
	`updateLevel`	update level of the LDS	Integer
`unicodeVersionNumber`		LDS version number	Object (see below)
	`majorVersion`	major version of Unicode	Integer
	`minorVersion`	minor version of Unicode	Integer
`dataGroupTagList`		tag list of all present Data Groups	Array of integers

For instance, an EF.COM content value of (DER-encoded hexadecimal string):

60 19 5F 01 04 30 31 30 37 5F 36 06 30 34 30 30 30 30 5C 07 61 75 63 67 6B 6C 6E

will be, in JSON:

{
        ldsVersionNumber: {
                version: 1,
                updateLevel: 7
        },
        unicodeVersionNumber: {
                majorVersion: 4,
                minorVersion: 0,
                releaseLevel: 0
        },
        dataGroupTagList: [97, 117, 99, 103, 107, 108, 110]
}

EF.SOD¶

EF.SOD output JSON data is an object defined by:

Field		Description	Type
`documentSecurityObject`		document security object	Object (see below)
	`algorithm`	signed data algorithm as an object identifier	String
	`signedData`	signed data	Object (see Signed Data)

Note

eContent contained in signedData is, here, a LDSSecurityObject ASN.1 structure (see LDS Security Object).

EF.CardAccess¶

EF.CardAccess output JSON data is an array of SecurityInfo.

EF.CardSecurity¶

EF.CardSecurity output JSON data is an object defined by:

Field	Description	Type
`algorithm`	signed data algorithm as an object identifier	String
`signedData`	signed data	Object (see Signed Data)

Note

eContent contained in signedData is, here, a SecurityInfos ASN.1 structure.

Data Group 1¶

Returned JSON data is an object with strings value. Depending on Travel Document type, keys are defined below.

Travel Document type 1 type¶

Keys name for Travel Document type 1 are defined here:

key name	name of data element (ICAO spec.)
`documentCode`	Document code
`issuingState`	Issuing State or organization
`documentNumber`	Document number (Nine most significant characters)
`checkDigitDN`	Check digit — Document number or filler character (<) indicating document number exceeds nine characters
`optionalData1`	Optional data and/or in the case of a Document Number exceeding 9 characters, least significant characters of document number plus document number check digit plus filler character
`dateOfBirth`	Date of birth
`checkDigitDOB`	Check digit — Date of birth
`sex`	Sex
`dateOfExpiry`	Date of Expiry
`checkDigitDOE`	Check digit — Date of expiry
`nationality`	Nationality
`optionalData2`	Optional data
`compositeCheckDigit`	Composite check digit
`nameOfHolder`	Name of holder

Travel Document type 2 type¶

Keys name for Travel Document type 2 are defined here:

key name	name of data element (ICAO spec.)
`documentCode`	Document code
`issuingState`	Issuing State or organization
`nameOfHolder`	Name of holder
`documentNumber`	Document number (Nine principal characters)
`checkDigitDN`	Check digit
`nationality`	Nationality
`dateOfBirth`	Date of birth
`checkDigitDOB`	Check digit
`sex`	Sex
`dateOfExpiry`	Date of Expiry
`checkDigitDOE`	Check digit
`optionalData`	Optional data plus filler character
`compositeCheckDigit`	Composite Check Digit - MRZ line 2

Travel Document type 3 type¶

Keys name for Travel Document type 3 are defined here:

key name	name of data element (ICAO spec.)
`documentCode`	Document code
`issuingState`	Issuing State or organization
`nameOfHolder`	Name of holder
`documentNumber`	Document number
`checkDigitDN`	Check digit — Document number
`nationality`	Nationality
`dateOfBirth`	Date of birth
`checkDigitDOB`	Check digit — Date of birth
`sex`	Sex
`dateOfExpiry`	Date of Expiry
`checkDigitDOE`	Check digit — Date of expiry or valid until date
`optionalData`	Optional data plus filler character
`checkDigit`	Check digit
`compositeCheckDigit`	Composite check digit

Data Group 2¶

DG 2 output JSON data is an object defined by:

Field	Description	Type
`biometricInformationTemplate`	Biometric Information Template	Array of Biometric Information Template Object (see Biometric Information Template)

Biometric Information Template¶

Biometric Information Template JSON object is defined by:

Field		Description	Type
`biometricHeaderTemplate`		biometric header template	Object (see below)
	`icaoHeaderVersion`	ICAO header version (“0101”)	String
	`biometricType`	biometric type	String
	`biometricSubtype`	biometric subtype	String
	`creationDateAndTime`	creation date and time	String
	`validityPeriod`	validity period (from through)	String
	`creatorOfBiometricReferenceData`	creator of the biometric reference data (PID)	String
	`formatOwner`	format owner	String
	`formatType`	format type	String
`biometricData`		biometric data	Hexadecimal string
`encipheredBiometricData`		enciphered biometric data	Hexadecimal string

Note

All strings defined in Biometric Information Template JSON object are considered as ASN.1 Octet String type.

Note

As specified in ICAO specifications, if biometricData is present, encipheredBiometricData is absent and vice versa.

Data Group 3¶

DG 3 output JSON data is an object defined by:

Field	Description	Type
`biometricInformationTemplate`	biometric information template	Array of Biometric Information Template Object (see Biometric Information Template)
`issuerDefinedContent`	issuer defined content	Hexadecimal string

Note

issuerDefinedContent key is present only if biometricInformationTemplate is an empty array.

Data Group 4¶

DG 4 output JSON data is same as DG 3, see above.

Data Group 5¶

DG 5 output JSON data is an array of hexadecimal strings, each element representing a displayed portrait.

Data Group 7¶

DG 7 output JSON data is an array of hexadecimal strings, each element representing a displayed signature or mark.

Data Group 11¶

DG 11 output JSON data is an object defined by:

Field	Description	Type
`fullNameOfDocumentHolder`	full name of document holder	String
`otherNames`	other names	Array of strings
`personalNumber`	personal number	String
`fullDateOfBirth`	full date of birth (YYYYMMDD)	String
`placeOfBirth`	place of birth, fields separated by “<”	String
`permanentAddress`	permanent address, fields separated by “<”	String
`telephone`	telephone	String
`profession`	profession	String
`title`	title	String
`personalSummary`	personal summary	String
`proofOfCitizenship`	proof of citizenship	Hexadecimal string
`otherValidTDNumbers`	other valid TD numbers, separated by “<”	String
`custodyInformation`	custody information	String

Note

tag list of present tags in DG 11 file content is not returned.

Data Group 12¶

DG 12 output JSON data is an object defined by:

Field	Description	Type
`issuingAuthority`	issuing authority	String
`dateOfIssue`	date of issue (YYYYMMDD)	String
`nameOfOtherPersons`	name of other persons	Array of strings
`endorsements`	endorsements, observations	String
`taxRequirements`	tax/exit requirements	String
`imageOfFrontDocument`	image of front of document	Hexadecimal string
`imageOfRearDocument`	image of rear of document	Hexadecimal string
`personalizationTime`	date and time of document personalization (YYYYMMDDHHMMSS)	String
`serialNumber`	serial number of personalization system	String

Note

tag list of present tags in DG 12 file content is not returned.

Data Group 14¶

DG 14 output JSON data is an object defined by:

Field	Description	Type
`securityInfos`	security infos	Array of objects, each object representing a `SecurityInfo` ASN.1 structure

Data Group 15¶

DG 15 output JSON data is an object defined by:

Field	Description	Type
`activeAuthenticationPublicKeyInfo`	active authentication public key info	Object (see Subject Public Key Info)

Data Group 16¶

DG 16 output JSON data is an array of objects, each object representing a person to notify, as follows:

Field	Description	Type
`dateDataRecorded`	date data recorded (YYYYMMDD)	String
`nameOfPerson`	name of person	String
`telephone`	telephone number	String
`address`	address	String

ASN.1 structures specificities for ICAO¶

ASN.1 structures¶

Security Info¶

Algorithm Identifier¶

Subject Public Key Info¶

Data Group Hash¶

LDS Version Info¶

LDS Security Object¶

Encapsulated Content Info¶

Signed Data¶

ICAO files structure¶

EF.COM¶

EF.SOD¶

EF.CardAccess¶

EF.CardSecurity¶

Data Group 1¶

Travel Document type 1 type¶

Travel Document type 2 type¶

Travel Document type 3 type¶

Data Group 2¶

Biometric Information Template¶

Data Group 3¶

Data Group 4¶

Data Group 5¶

Data Group 7¶

Data Group 11¶

Data Group 12¶

Data Group 14¶

Data Group 15¶

Data Group 16¶

ICAO SCWS API

Table Of Contents

Related Topics