by jaanjalgratas
1783 days ago
Estonian ID-cards contain 2 key pairs: authentication and signature. The certificates' DNs contain both the owner's full name and Personal Code. The Personal Code contains your sex and birth date. Also, there's a data file on the chip containing all textual data seen on the card, no image. So it's easy to use the ID-card in both physical stores (reads the data file for the Personal Code) and e-shops (reads the certificate after auth). This document image service was just a convenience service to download your document image. The problem causing the issue was that the auth certificate path was not verified during authentication, so you could impersonate by generating fake auth certificates.