PyCon LT 2022

Processing identity doc NFC chips: Pythonic way to handle parsing and cryptography
05-27, 13:30–14:00 (Europe/Vilnius), Python Room

At ZealiD, we had to implement eMRTD RFID / NFC chip reading, parsing and cryptographic verification in Python. This proved to be an interesting excursion into ASN.1 data structures and handling crypto in Python. I'll walk you through this journey of discovery and will highlight Python's strengths and gotchas here.

We had to make sure we do this properly as it forms part of our qualified remote TRA process and qualified certificate issuance.

Combining ability to traverse and prototype asn1crypto library structures and later apply mypy proved useful. I'll show you why!

See Abstract. Apart from that, the context is: we had to implement eMRTD (travel/identity docs) ICAO 9303-compatible RFID / NFC chip data reading, parsing and cryptographic verification in Python for the purposes of Passive Authentication.

We did not find any decent Python library to do this. All we found were snippets which make hacky openssl calls, ingest results, do ugly untyped bit wrangling and then do some more openssl calls. We ended up writing our own solution for this.

What topics define your talk the best?

python, security

I like everything from hairy backends to cognitive neuroscience. Been part of this weird world of professional software engineering for a while.

I remember an interesting defining moment in 2013 in Munich where working as a GSoC intern at Tor, I overheard a conversation where a person from Syria was sharing how they rely on certain software to make sure they're not persecuted by their government which actively oppresses activists. They were like, "yeah and you could improve usability in this place, that would be great, but otherwise yeah, appreciate being alive, you know."

Tech-wise, I like both low-level security-focused engineering as well as HoTT. I guess I can thank my background in Computer Science and Philosophy for my pretentious eclectic tastes. To paraphrase my personal hero Moxie Marlinspike, I'm both fascinated and scared by technology and what it can do.

I currently lead software architecture at ZealiD where, originally, I work as a Software Architect.