Public keys are never exchanged between subsystems – only the ePassports (open key certificates) + verification #465

@AlexTourski

Description

On the call on 24 Nov 2025 Merul mentioned that the public key could be sent directly from one subsystem to another.
This is not secure and is vulnerable to a man-in-the-middle attack.

Expected behavior

The right way:
The subsystem which needs the public key of the user:

  • will get the ePassport
  • check it out via the chain of CA signatures
  • the final check should be done with the root CA which is on board the subsystem and was securely provided by the supplier (which means that this procedure also should be described and properly executed).
  • only then the public key is considered trusted and could be used
  • We also need an audit that it works like that in all components
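The verification flow listed above, sketched as an added example (not part of the original issue and not the project's code). It assumes ePassports are X.509 certificates; `TrustedKey`, `issue` and `Demo` are hypothetical names, and all certificates are constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// TrustedKey (hypothetical helper) releases the ePassport's key only if its chain ends at the on-board root.
func TrustedKey(passport *x509.Certificate, chain []*x509.Certificate, pinnedRoot *x509.Certificate) (any, error) {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(pinnedRoot) // sole trust anchor; nothing received from the peer goes in here
	for _, c := range chain {
		inter.AddCert(c) // untrusted: used for path building only
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := passport.Verify(opts); err != nil {
		return nil, fmt.Errorf("ePassport rejected: %w", err)
	}
	return passport.PublicKey, nil
}

// issue makes a constructed test certificate, self-signed when parent is nil (errors ignored for brevity).
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		IsCA: isCA, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// Demo reports (genuine chain accepted with the right key, CA-less ePassport rejected).
func Demo() (bool, bool) {
	root, rootKey := issue("Root CA", true, nil, nil)
	sub, subKey := issue("Issuing CA", true, root, rootKey)
	user, userKey := issue("user", false, sub, subKey)
	forged, _ := issue("user", false, nil, nil) // constructed: a key wrapped in a cert no CA signed
	key, err := TrustedKey(user, []*x509.Certificate{sub}, root)
	_, forgedErr := TrustedKey(forged, nil, root)
	return err == nil && userKey.PublicKey.Equal(key), forgedErr != nil
}
func main() { fmt.Println(Demo()) }
```

For the audit item, the same property can be checked in each component: the trust pool is filled only from the on-board root, and no code path returns a key before verification succeeds.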


Labels: AT-control (the issue of personal interest for Alex Tourski), bug (Something isn't working), priority - 2 (Major feature broken, many users affected)
