.. include:: ../abbreviations.txt

ASN.1 structures specificities for ICAO
=======================================

ICAO and eIDAS specify complex ASN.1 structures, or simply DER-encoded data, in the **Logical Data Structure**.
This page defines the JSON output format (attribute name, type and content) for each file or structure.

.. NOTE:: If a field is optional and missing in a structure defined in ICAO specifications,
   the corresponding JSON key is absent.

.. NOTE:: The output of some structures (for example ``SignedData`` in the *EF.SOD* file) is simplified
   or modified compared to their definition.

The following files are parsed and returned in JSON format:

- DG 1
- DG 2
- DG 3
- DG 4
- DG 5
- DG 7
- DG 11
- DG 12
- DG 14
- DG 15
- DG 16
- EF.SOD
- EF.COM
- EF.CardSecurity
- EF.CardAccess

ASN.1 structures
----------------

ASN.1 structures, when they are clearly defined in ICAO or eIDAS specifications, are returned in JSON
according to :ref:`asn1_json_conversion_rules_label`.

For instance, a ``PACEInfo`` could be, in JSON::

    {
        "protocol": "0.4.0.127.0.7.2.2.4.2.4",
        "version": 2,
        "parameterId": 16
    }

Some ASN.1 structures defined in ICAO specifications are returned in JSON with some specificities.
They are described in the following paragraphs.

Security Info
^^^^^^^^^^^^^

The following ``SecurityInfo`` types are returned in JSON format:

- ``PACEInfo``
- ``PACEDomainParameterInfo``
- ``ActiveAuthenticationInfo``
- ``ChipAuthenticationInfo``
- ``ChipAuthenticationPublicKeyInfo``
- ``ChipAuthenticationDomainParameterInfo``
- ``TerminalAuthenticationInfo``

They can be present in files such as *EF.CardAccess*, *EF.CardSecurity*, *DG 14* and so on.


Other ``SecurityInfo`` types are defined and returned as follows:

+------------------+-----------------------+
| Field            | ASN.1 type            |
+==================+=======================+
| ``protocol``     | ``OBJECT IDENTIFIER`` |
+------------------+-----------------------+
| ``requiredData`` | ``ANY``               |
+------------------+-----------------------+
| ``optionalData`` | ``ANY``               |
+------------------+-----------------------+

.. _algorithm_identifier_asn1_label:

Algorithm Identifier
^^^^^^^^^^^^^^^^^^^^

Algorithm identifier ASN.1 structure is considered as follows:

+----------------+-----------------------+
| Field          | ASN.1 type            |
+================+=======================+
| ``algorithm``  | ``OBJECT IDENTIFIER`` |
+----------------+-----------------------+
| ``parameters`` | ``ANY``               |
+----------------+-----------------------+

.. _subject_public_key_info_asn1_label:

Subject Public Key Info
^^^^^^^^^^^^^^^^^^^^^^^

Subject public key info ASN.1 structure is considered as follows:

+---------------+----------------------------------------------------------------------+
| Field         | ASN.1 type                                                           |
+===============+======================================================================+
| ``algorithm`` | ``AlgorithmIdentifier`` (see :ref:`algorithm_identifier_asn1_label`) |
+---------------+----------------------------------------------------------------------+

.. _data_group_hash_asn1_label:

Data Group Hash
^^^^^^^^^^^^^^^

Data Group Hash ASN.1 structure is considered as follows:

+------------------------+------------------+
| Field                  | ASN.1 type       |
+========================+==================+
| ``dataGroupNumber``    | ``INTEGER``      |
+------------------------+------------------+
| ``dataGroupHashValue`` | ``OCTET STRING`` |
+------------------------+------------------+

.. _lds_version_info_asn1_label:

LDS Version Info
^^^^^^^^^^^^^^^^

LDS Version Info ASN.1 structure is considered as follows:

+--------------------+------------+
| Field              | ASN.1 type |
+====================+============+
| ``ldsVersion``     | ``STRING`` |
+--------------------+------------+
| ``unicodeVersion`` | ``STRING`` |
+--------------------+------------+

.. _lds_security_object_asn1_label:

LDS Security Object
^^^^^^^^^^^^^^^^^^^

LDS Security Object ASN.1 structure is considered as follows:

+-------------------------+----------------------------------------------------------------------+
| Field                   | ASN.1 type                                                           |
+=========================+======================================================================+
| ``version``             | ``INTEGER``                                                          |
+-------------------------+----------------------------------------------------------------------+
| ``hashAlgorithm``       | ``AlgorithmIdentifier`` (see :ref:`algorithm_identifier_asn1_label`) |
+-------------------------+----------------------------------------------------------------------+
| ``dataGroupHashValues`` | ``SET of DataGroupHash`` (see :ref:`data_group_hash_asn1_label`)     |
+-------------------------+----------------------------------------------------------------------+
| ``ldsVersionInfo``      | ``LDSVersionInfo`` (see :ref:`lds_version_info_asn1_label`)          |
+-------------------------+----------------------------------------------------------------------+

.. _encapsulated_content_info_asn1_label:

Encapsulated Content Info
^^^^^^^^^^^^^^^^^^^^^^^^^

Encapsulated Content Info ASN.1 structure is considered as follows:

+------------------+-----------------------------------------------------------------------+
| Field            | ASN.1 type                                                            |
+==================+=======================================================================+
| ``eContentType`` | ``OBJECT IDENTIFIER``                                                 |
+------------------+-----------------------------------------------------------------------+
| ``eContent``     | ``LDSSecurityObject`` (see :ref:`lds_security_object_asn1_label`) for |
|                  | EF.SOD file, ``SecurityInfos`` for EF.CardSecurity file.              |
+------------------+-----------------------------------------------------------------------+

.. NOTE:: ``EncapsulatedContentInfo`` is completely parsed according to context, and is not returned as
   an ASN.1 ``OCTET STRING``.

.. _signed_data_label:

Signed Data
^^^^^^^^^^^

Signed data ASN.1 structure is considered as follows:

+----------------------+---------------------------------------------------+
| Field                | ASN.1 type                                        |
+======================+===================================================+
| ``version``          | ``INTEGER``                                       |
+----------------------+---------------------------------------------------+
| ``digestAlgorithms`` | ``SET of AlgorithmIdentifier``                    |
|                      | (see :ref:`algorithm_identifier_asn1_label`)      |
+----------------------+---------------------------------------------------+
| ``encapContentInfo`` | ``EncapsulatedContentInfo``                       |
|                      | (see :ref:`encapsulated_content_info_asn1_label`) |
+----------------------+---------------------------------------------------+
| ``certificates``     | ``SET of ANY``                                    |
+----------------------+---------------------------------------------------+
| ``crls``             | ``SET of ANY``                                    |
+----------------------+---------------------------------------------------+
| ``signerInfos``      | ``SET of ANY``                                    |
+----------------------+---------------------------------------------------+

ICAO files structure
--------------------

ICAO files JSON format is described here.


EF.COM
^^^^^^

EF.COM output JSON data is an object defined by:

+--------------------------+-------------------------------------+--------------------+
| Field                    | Description                         | Type               |
+==========================+=====================================+====================+
| ``ldsVersionNumber``     | LDS version number                  | Object (see below) |
+----+---------------------+-------------------------------------+--------------------+
|    | ``version``         | version of the LDS                  | Integer            |
+----+---------------------+-------------------------------------+--------------------+
|    | ``updateLevel``     | update level of the LDS             | Integer            |
+----+---------------------+-------------------------------------+--------------------+
| ``unicodeVersionNumber`` | Unicode version number              | Object (see below) |
+----+---------------------+-------------------------------------+--------------------+
|    | ``majorVersion``    | major version of *Unicode*          | Integer            |
+----+---------------------+-------------------------------------+--------------------+
|    | ``minorVersion``    | minor version of *Unicode*          | Integer            |
+----+---------------------+-------------------------------------+--------------------+
| ``dataGroupTagList``     | tag list of all present Data Groups | Array of integers  |
+--------------------------+-------------------------------------+--------------------+

For instance, an EF.COM content value of (DER-encoded hexadecimal string)::

    60 19
       5F 01 04 30 31 30 37
       5F 36 06 30 34 30 30 30 30
       5C 07 61 75 63 67 6B 6C 6E

will be, in JSON::

    {
        "ldsVersionNumber": {
            "version": 1,
            "updateLevel": 7
        },
        "unicodeVersionNumber": {
            "majorVersion": 4,
            "minorVersion": 0,
            "releaseLevel": 0
        },
        "dataGroupTagList": [97, 117, 99, 103, 107, 108, 110]
    }

EF.SOD
^^^^^^

EF.SOD output JSON data is an object defined by:

+----------------------------+-----------------------------------------------+---------------------------------------+
| Field                      | Description                                   | Type                                  |
+============================+===============================================+=======================================+
| ``documentSecurityObject`` | document security object                      | Object (see below)                    |
+----+-----------------------+-----------------------------------------------+---------------------------------------+
|    | ``algorithm``         | signed data algorithm as an object identifier | String                                |
+----+-----------------------+-----------------------------------------------+---------------------------------------+
|    | ``signedData``        | signed data                                   | Object (see :ref:`signed_data_label`) |
+----+-----------------------+-----------------------------------------------+---------------------------------------+

.. note:: ``eContent`` contained in ``signedData`` is, here, a ``LDSSecurityObject`` ASN.1 structure
   (see :ref:`lds_security_object_asn1_label`).

EF.CardAccess
^^^^^^^^^^^^^

EF.CardAccess output JSON data is an array of ``SecurityInfo``.

EF.CardSecurity
^^^^^^^^^^^^^^^

EF.CardSecurity output JSON data is an object defined by:

+----------------+-----------------------------------------------+---------------------------------------+
| Field          | Description                                   | Type                                  |
+================+===============================================+=======================================+
| ``algorithm``  | signed data algorithm as an object identifier | String                                |
+----------------+-----------------------------------------------+---------------------------------------+
| ``signedData`` | signed data                                   | Object (see :ref:`signed_data_label`) |
+----------------+-----------------------------------------------+---------------------------------------+

.. note:: ``eContent`` contained in ``signedData`` is, here, a ``SecurityInfos`` ASN.1 structure.

Data Group 1
^^^^^^^^^^^^

Returned JSON data is an object with string values. The keys depend on the Travel Document type and are defined below.

Travel Document type 1
""""""""""""""""""""""

Key names for Travel Document type 1 are defined here:

+-------------------------+-------------------------------------------------------------------+
| Key name                | Name of data element (ICAO spec.)                                 |
+=========================+===================================================================+
| ``documentCode``        | Document code                                                     |
+-------------------------+-------------------------------------------------------------------+
| ``issuingState``        | Issuing State or organization                                     |
+-------------------------+-------------------------------------------------------------------+
| ``documentNumber``      | Document number (Nine most significant characters)                |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDN``        | Check digit — Document number or filler character (<) indicating  |
|                         | document number exceeds nine characters                           |
+-------------------------+-------------------------------------------------------------------+
| ``optionalData1``       | Optional data and/or in the case of a Document Number exceeding 9 |
|                         | characters, least significant characters of document number plus  |
|                         | document number check digit plus filler character                 |
+-------------------------+-------------------------------------------------------------------+
| ``dateOfBirth``         | Date of birth                                                     |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDOB``       | Check digit — Date of birth                                       |
+-------------------------+-------------------------------------------------------------------+
| ``sex``                 | Sex                                                               |
+-------------------------+-------------------------------------------------------------------+
| ``dateOfExpiry``        | Date of Expiry                                                    |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDOE``       | Check digit — Date of expiry                                      |
+-------------------------+-------------------------------------------------------------------+
| ``nationality``         | Nationality                                                       |
+-------------------------+-------------------------------------------------------------------+
| ``optionalData2``       | Optional data                                                     |
+-------------------------+-------------------------------------------------------------------+
| ``compositeCheckDigit`` | Composite check digit                                             |
+-------------------------+-------------------------------------------------------------------+
| ``nameOfHolder``        | Name of holder                                                    |
+-------------------------+-------------------------------------------------------------------+

Travel Document type 2
""""""""""""""""""""""

Key names for Travel Document type 2 are defined here:

+-------------------------+-------------------------------------------------------------------+
| Key name                | Name of data element (ICAO spec.)                                 |
+=========================+===================================================================+
| ``documentCode``        | Document code                                                     |
+-------------------------+-------------------------------------------------------------------+
| ``issuingState``        | Issuing State or organization                                     |
+-------------------------+-------------------------------------------------------------------+
| ``nameOfHolder``        | Name of holder                                                    |
+-------------------------+-------------------------------------------------------------------+
| ``documentNumber``      | Document number (Nine principal characters)                       |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDN``        | Check digit                                                       |
+-------------------------+-------------------------------------------------------------------+
| ``nationality``         | Nationality                                                       |
+-------------------------+-------------------------------------------------------------------+
| ``dateOfBirth``         | Date of birth                                                     |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDOB``       | Check digit                                                       |
+-------------------------+-------------------------------------------------------------------+
| ``sex``                 | Sex                                                               |
+-------------------------+-------------------------------------------------------------------+
| ``dateOfExpiry``        | Date of Expiry                                                    |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDOE``       | Check digit                                                       |
+-------------------------+-------------------------------------------------------------------+
| ``optionalData``        | Optional data plus filler character                               |
+-------------------------+-------------------------------------------------------------------+
| ``compositeCheckDigit`` | Composite Check Digit - MRZ line 2                                |
+-------------------------+-------------------------------------------------------------------+

Travel Document type 3
""""""""""""""""""""""

Key names for Travel Document type 3 are defined here:

+-------------------------+-------------------------------------------------------------------+
| Key name                | Name of data element (ICAO spec.)                                 |
+=========================+===================================================================+
| ``documentCode``        | Document code                                                     |
+-------------------------+-------------------------------------------------------------------+
| ``issuingState``        | Issuing State or organization                                     |
+-------------------------+-------------------------------------------------------------------+
| ``nameOfHolder``        | Name of holder                                                    |
+-------------------------+-------------------------------------------------------------------+
| ``documentNumber``      | Document number                                                   |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDN``        | Check digit — Document number                                     |
+-------------------------+-------------------------------------------------------------------+
| ``nationality``         | Nationality                                                       |
+-------------------------+-------------------------------------------------------------------+
| ``dateOfBirth``         | Date of birth                                                     |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDOB``       | Check digit — Date of birth                                       |
+-------------------------+-------------------------------------------------------------------+
| ``sex``                 | Sex                                                               |
+-------------------------+-------------------------------------------------------------------+
| ``dateOfExpiry``        | Date of Expiry                                                    |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigitDOE``       | Check digit — Date of expiry or valid until date                  |
+-------------------------+-------------------------------------------------------------------+
| ``optionalData``        | Optional data plus filler character                               |
+-------------------------+-------------------------------------------------------------------+
| ``checkDigit``          | Check digit                                                       |
+-------------------------+-------------------------------------------------------------------+
| ``compositeCheckDigit`` | Composite check digit                                             |
+-------------------------+-------------------------------------------------------------------+

Data Group 2
^^^^^^^^^^^^

DG 2 output JSON data is an object defined by:

+----------------------------------+--------------------------------+---------------------------------------------------+
| Field                            | Description                    | Type                                              |
+==================================+================================+===================================================+
| ``biometricInformationTemplate`` | Biometric Information Template | Array of *Biometric Information Template*         |
|                                  |                                | Object (see :ref:`biometric_info_template_label`) |
+----------------------------------+--------------------------------+---------------------------------------------------+

.. _biometric_info_template_label:

Biometric Information Template
""""""""""""""""""""""""""""""

*Biometric Information Template* JSON object is defined by:

+------------------------------------------+-----------------------------------------+--------------------+
| Field                                    | Description                             | Type               |
+==========================================+=========================================+====================+
| ``biometricHeaderTemplate``              | biometric header template               | Object (see below) |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``icaoHeaderVersion``               | ICAO header version ("0101")            | String             |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``biometricType``                   | biometric type                          | String             |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``biometricSubtype``                | biometric subtype                       | String             |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``creationDateAndTime``             | creation date and time                  | String             |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``validityPeriod``                  | validity period (from through)          | String             |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``creatorOfBiometricReferenceData`` | creator of the biometric reference data | String             |
|    |                                     | (PID)                                   |                    |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``formatOwner``                     | format owner                            | String             |
+----+-------------------------------------+-----------------------------------------+--------------------+
|    | ``formatType``                      | format type                             | String             |
+----+-------------------------------------+-----------------------------------------+--------------------+
| ``biometricData``                        | biometric data                          | Hexadecimal string |
+------------------------------------------+-----------------------------------------+--------------------+
| ``encipheredBiometricData``              | enciphered biometric data               | Hexadecimal string |
+------------------------------------------+-----------------------------------------+--------------------+

.. note:: All strings defined in the *Biometric Information Template* JSON object are considered as
   **ASN.1 Octet String** type.

.. note:: As specified in ICAO specifications, if ``biometricData`` is present, ``encipheredBiometricData``
   is absent and vice versa.

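
Returning to the Data Group 1 keys listed above, the following added example (not part of the project's code) recomputes the ICAO Doc 9303 check digits of a Travel Document type 3 object from its JSON keys. It assumes each value is the raw MRZ field content with filler characters kept; the function names are the example's own and the sample values are constructed for the illustration.

```python
# Added example: recompute the MRZ check digits of a DG 1 (TD3) JSON object.
# Assumption: values are raw MRZ field contents, '<' fillers included.

WEIGHTS = (7, 3, 1)  # repeating weights of the ICAO Doc 9303 check digit


def char_value(ch):
    """Numeric value of one MRZ character: '<' = 0, digits, A-Z = 10..35."""
    if ch == "<":
        return 0
    if "0" <= ch <= "9":
        return ord(ch) - ord("0")
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    raise ValueError(f"character {ch!r} is not allowed in an MRZ field")


def check_digit(field):
    """Weighted sum modulo 10, returned as a one-character string."""
    total = sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


# (data key, check digit key) pairs, using the TD3 key names of this page.
TD3_CHECKS = (
    ("documentNumber", "checkDigitDN"),
    ("dateOfBirth", "checkDigitDOB"),
    ("dateOfExpiry", "checkDigitDOE"),
    ("optionalData", "checkDigit"),
)


def validate_td3_dg1(dg1):
    """Return the check digit keys whose stored value does not match.

    Raises KeyError if a TD3 key is missing and ValueError if a field
    contains a character outside the MRZ alphabet.
    """
    failed = []
    composite_input = ""
    for data_key, cd_key in TD3_CHECKS:
        data, stored = dg1[data_key], dg1[cd_key]
        expected = check_digit(data)
        # An unused optional data field may carry '<' instead of '0'.
        unused_optional = data_key == "optionalData" and set(data) <= {"<"}
        if stored != expected and not (unused_optional and stored == "<"):
            failed.append(cd_key)
        # The composite digit covers each field followed by its check digit.
        composite_input += data + stored
    if dg1["compositeCheckDigit"] != check_digit(composite_input):
        failed.append("compositeCheckDigit")
    return failed


# Constructed sample (specimen-style values, not read from a real document).
SAMPLE_DG1_TD3 = {
    "documentCode": "P<",
    "issuingState": "UTO",
    "nameOfHolder": "ERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<",
    "documentNumber": "L898902C3",
    "checkDigitDN": "6",
    "nationality": "UTO",
    "dateOfBirth": "740812",
    "checkDigitDOB": "2",
    "sex": "F",
    "dateOfExpiry": "120415",
    "checkDigitDOE": "9",
    "optionalData": "ZE184226B<<<<<",
    "checkDigit": "1",
    "compositeCheckDigit": "0",
}

if __name__ == "__main__":
    print("sample:", validate_td3_dg1(SAMPLE_DG1_TD3))
    altered = dict(SAMPLE_DG1_TD3, dateOfExpiry="130415")
    print("altered expiry:", validate_td3_dg1(altered))
```

Check digits only catch reading and transcription errors; the integrity of DG 1 itself rests on the ``dataGroupHashValues`` signed in EF.SOD.
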

Data Group 3
^^^^^^^^^^^^

DG 3 output JSON data is an object defined by:

+----------------------------------+--------------------------------+---------------------------------------------------+
| Field                            | Description                    | Type                                              |
+==================================+================================+===================================================+
| ``biometricInformationTemplate`` | biometric information template | Array of *Biometric Information Template*         |
|                                  |                                | Object (see :ref:`biometric_info_template_label`) |
+----------------------------------+--------------------------------+---------------------------------------------------+
| ``issuerDefinedContent``         | issuer defined content         | Hexadecimal string                                |
+----------------------------------+--------------------------------+---------------------------------------------------+

.. note:: ``issuerDefinedContent`` key is present only if ``biometricInformationTemplate`` is an empty array.

Data Group 4
^^^^^^^^^^^^

DG 4 output JSON data is the same as for DG 3 (see above).

Data Group 5
^^^^^^^^^^^^

DG 5 output JSON data is an array of hexadecimal strings, each element representing a displayed portrait.

Data Group 7
^^^^^^^^^^^^

DG 7 output JSON data is an array of hexadecimal strings, each element representing a displayed signature or mark.


Data Group 11
^^^^^^^^^^^^^

DG 11 output JSON data is an object defined by:

+------------------------------+--------------------------------------------+--------------------+
| Field                        | Description                                | Type               |
+==============================+============================================+====================+
| ``fullNameOfDocumentHolder`` | full name of document holder               | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``otherNames``               | other names                                | Array of strings   |
+------------------------------+--------------------------------------------+--------------------+
| ``personalNumber``           | personal number                            | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``fullDateOfBirth``          | full date of birth (YYYYMMDD)              | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``placeOfBirth``             | place of birth, fields separated by "<"    | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``permanentAddress``         | permanent address, fields separated by "<" | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``telephone``                | telephone                                  | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``profession``               | profession                                 | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``title``                    | title                                      | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``personalSummary``          | personal summary                           | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``proofOfCitizenship``       | proof of citizenship                       | Hexadecimal string |
+------------------------------+--------------------------------------------+--------------------+
| ``otherValidTDNumbers``      | other valid TD numbers, separated by "<"   | String             |
+------------------------------+--------------------------------------------+--------------------+
| ``custodyInformation``       | custody information                        | String             |
+------------------------------+--------------------------------------------+--------------------+

.. note:: The list of tags present in the DG 11 file content is not returned.


Data Group 12
^^^^^^^^^^^^^

DG 12 output JSON data is an object defined by:

+--------------------------+-------------------------------------------+--------------------+
| Field                    | Description                               | Type               |
+==========================+===========================================+====================+
| ``issuingAuthority``     | issuing authority                         | String             |
+--------------------------+-------------------------------------------+--------------------+
| ``dateOfIssue``          | date of issue (YYYYMMDD)                  | String             |
+--------------------------+-------------------------------------------+--------------------+
| ``nameOfOtherPersons``   | name of other persons                     | Array of strings   |
+--------------------------+-------------------------------------------+--------------------+
| ``endorsements``         | endorsements, observations                | String             |
+--------------------------+-------------------------------------------+--------------------+
| ``taxRequirements``      | tax/exit requirements                     | String             |
+--------------------------+-------------------------------------------+--------------------+
| ``imageOfFrontDocument`` | image of front of document                | Hexadecimal string |
+--------------------------+-------------------------------------------+--------------------+
| ``imageOfRearDocument``  | image of rear of document                 | Hexadecimal string |
+--------------------------+-------------------------------------------+--------------------+
| ``personalizationTime``  | date and time of document personalization | String             |
|                          | (YYYYMMDDHHMMSS)                          |                    |
+--------------------------+-------------------------------------------+--------------------+
| ``serialNumber``         | serial number of personalization system   | String             |
+--------------------------+-------------------------------------------+--------------------+

.. note:: The list of tags present in the DG 12 file content is not returned.

Data Group 14
^^^^^^^^^^^^^

DG 14 output JSON data is an object defined by:

+-------------------+----------------+----------------------------------------------+
| Field             | Description    | Type                                         |
+===================+================+==============================================+
| ``securityInfos`` | security infos | Array of objects, each object representing a |
|                   |                | ``SecurityInfo`` ASN.1 structure             |
+-------------------+----------------+----------------------------------------------+

Data Group 15
^^^^^^^^^^^^^

DG 15 output JSON data is an object defined by:

+---------------------------------------+---------------------------------------+--------------------------------------------------------+
| Field                                 | Description                           | Type                                                   |
+=======================================+=======================================+========================================================+
| ``activeAuthenticationPublicKeyInfo`` | active authentication public key info | Object (see :ref:`subject_public_key_info_asn1_label`) |
+---------------------------------------+---------------------------------------+--------------------------------------------------------+

Data Group 16
^^^^^^^^^^^^^

DG 16 output JSON data is an array of objects, each object representing a *person to notify*, as follows:

+----------------------+-------------------------------+--------+
| Field                | Description                   | Type   |
+======================+===============================+========+
| ``dateDataRecorded`` | date data recorded (YYYYMMDD) | String |
+----------------------+-------------------------------+--------+
| ``nameOfPerson``     | name of person                | String |
+----------------------+-------------------------------+--------+
| ``telephone``        | telephone number              | String |
+----------------------+-------------------------------+--------+
| ``address``          | address                       | String |
+----------------------+-------------------------------+--------+

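
The EF.COM mapping shown in the EF.COM section of this page can be reproduced with a small TLV reader. This is an added example, not the project's parser: the function names are the example's own, and the tag to Data Group table is an assumption taken from the ICAO Doc 9303 tag assignments.

```python
# Added example: decode the EF.COM bytes quoted on this page into the JSON
# layout of the EF.COM table. Function names are this example's own.
import json

# EF.COM content quoted in the EF.COM section of this page.
EF_COM_HEX = ("60 19 5F 01 04 30 31 30 37 5F 36 06 30 34 30 30 30 30 "
              "5C 07 61 75 63 67 6B 6C 6E")

# Tag -> Data Group number (assumed from the ICAO Doc 9303 LDS tags).
DG_TAGS = {0x61: 1, 0x75: 2, 0x63: 3, 0x76: 4, 0x65: 5, 0x66: 6, 0x67: 7,
           0x68: 8, 0x69: 9, 0x6A: 10, 0x6B: 11, 0x6C: 12, 0x6D: 13,
           0x6E: 14, 0x6F: 15, 0x70: 16}


def read_tlv(buf, pos):
    """Read one BER-TLV at buf[pos:]; return (tag, value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated tag")
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:              # multi-byte tag such as 5F 01
        while True:
            if pos >= len(buf):
                raise ValueError("truncated tag")
            octet = buf[pos]
            pos += 1
            tag = (tag << 8) | octet
            if not octet & 0x80:
                break
    if pos >= len(buf):
        raise ValueError("truncated length")
    length = buf[pos]
    pos += 1
    if length == 0x80:
        raise ValueError("indefinite length is not valid DER")
    if length & 0x80:                   # long form: next n bytes hold length
        n = length & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value overruns the buffer")
    return tag, buf[pos:end], end


def two_digit_groups(value, count, what):
    """Split an ASCII digit string such as b'0107' into [1, 7]."""
    try:
        text = value.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError(f"{what} is not ASCII") from None
    if len(text) != 2 * count or not text.isdigit():
        raise ValueError(f"{what} must be {2 * count} digits")
    return [int(text[i:i + 2]) for i in range(0, len(text), 2)]


def parse_ef_com(data):
    """Return the EF.COM JSON object described on this page."""
    tag, body, end = read_tlv(data, 0)
    if tag != 0x60 or end != len(data):
        raise ValueError("not a single EF.COM (tag 60) object")
    fields, pos = {}, 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        if t in fields:
            raise ValueError(f"duplicate tag {t:X}")
        fields[t] = v
    missing = {0x5F01, 0x5F36, 0x5C} - fields.keys()
    if missing:
        raise ValueError("missing tags: " + ", ".join(f"{t:X}" for t in sorted(missing)))
    lds = two_digit_groups(fields[0x5F01], 2, "LDS version")
    uni = two_digit_groups(fields[0x5F36], 3, "Unicode version")
    return {
        "ldsVersionNumber": {"version": lds[0], "updateLevel": lds[1]},
        "unicodeVersionNumber": {"majorVersion": uni[0],
                                 "minorVersion": uni[1],
                                 "releaseLevel": uni[2]},
        "dataGroupTagList": list(fields[0x5C]),
    }


def data_groups_present(ef_com):
    """Translate dataGroupTagList into Data Group numbers."""
    unknown = [t for t in ef_com["dataGroupTagList"] if t not in DG_TAGS]
    if unknown:
        raise ValueError(f"unknown Data Group tags: {unknown}")
    return [DG_TAGS[t] for t in ef_com["dataGroupTagList"]]


if __name__ == "__main__":
    parsed = parse_ef_com(bytes.fromhex(EF_COM_HEX))
    print(json.dumps(parsed, indent=2))
    print("Data Groups:", data_groups_present(parsed))
```
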