CAN support for PACE version 2 #160
Conversation
Add PACEAccessKey enum to disambiguate between MRZ and CAN in PassportReader. PACEHandler can derive `paceKey` from CAN. Deprecate `readPassport( mrzKey: ...)`.
`TagReader.send( cmd: )` error handling is improved, so that authentication failure for invalid CAN is detected. `InvalidMRZKey` is now `AuthenticationFailed`, which is used for both MRZ & CAN.
|
I am trying to read the French ID card using CAN/ MRZ, but PACE failed with an invalid parameter error. Please see the log and any help is appreciated. 2022-10-26 13:57:33.1280 - tagReaderSessionDidBecomeActive Thanks. |
Summary
Card Access Number can be used for PACE
This is heavily inspired by #106, which I tried to rebase onto current main branch, but eventually decided to patch it by hand, because there was conflicts that I couldn't resolve in reasonable time.
As opposed to #106, there's some changes in error handling, which in our tests can detect if CAN was invalid.
We've tested the changes successfully with a couple of Finnish passports, on iOS 16.
Changes
PACEAccessKeyenum, which can either be.mrzor.canPassportReader.readPassport()now usesPACEAccessKeywhen establishing PACE.PassportReader.startReading()doesn't fallback to BAC when PACE fails, if CAN was used.PassportReader.readPassport( mrzKey: ...)as deprecated overload ofreadPassport( accessKey: ...). Not sure if this makes sense, because of the next bullet point...NFCPassportReaderError.InvalidMRZKeywithNFCPassportReaderError.AuthenticationFailed, to indicate that either CAN or MRZ was incorrect.TagReader.send, to handle authentication error when using incorrect CANCaveats
NFCPassportReaderError.InvalidMRZKeyis removedRemarks
I checked the SPM example, and it's pinned to older version of the library. Perhaps the example should be changed so that it uses local version of NFCPassportReader package, to make it easier to develop the example along with the changes to library?