Public key registry and merkle tree builder for OpenPassport.
We currently use the DSC list from the ICAO. The latest version can be downloaded here. If you update the files, be sure to change the filenames in the scripts! Because the list does not contain all the DSCs used by all countries, we are working on verifying the full certificate chain up to the CSCA, see here.
Here is the certificate chain flow. Basically, CSCA (Country Signing Certificate Authority) certificates are used to sign DSC (Document Signer Certificate) certificates, which in turn sign the SOD (Document Security Object) files contained in passport chips.
More information is available on the ICAO website.
Install dependencies:
```bash
yarn install-registry
```
Extract the masterlist: run the following command to extract the masterlist from the ICAO website as a folder of PEM certificates.

| $arg | description | output |
|---|---|---|
| dsc | extract the dsc masterlist | outputs/dsc/pem_masterlist |
| csca | extract the csca masterlist | outputs/csca/pem_masterlist |
| all | extract both | |

```bash
yarn masterlist-extract $arg
```
This repo is already set up to push the extracted masterlist to a Postgres database.
Add a .env file with the Postgres environment variables:
```
POSTGRES_URL=""
POSTGRES_PRISMA_URL=""
POSTGRES_URL_NO_SSL=""
POSTGRES_URL_NON_POOLING=""
POSTGRES_USER=""
POSTGRES_HOST=""
POSTGRES_PASSWORD=""
POSTGRES_DATABASE=""
```
Init the database:
```bash
yarn db-init
```
Push the extracted masterlist to the Postgres database:

| $arg | description |
|---|---|
| dsc | parse and push the dsc masterlist |
| csca | parse and push the csca masterlist |
| all | parse and push both |

```bash
yarn db-push $arg
```
Build JSON files:
```bash
ts-node src/buildJson.ts
```
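
The CSCA to DSC link in the certificate chain described above can be checked on the extracted folders with the openssl CLI. This is an added example, not part of the OpenPassport scripts; it assumes openssl 1.1.0 or later is installed and that the extracted certificates carry a .pem extension, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example (not project code). Assumes the openssl CLI (>= 1.1.0).
# Folder names follow the output column of `yarn masterlist-extract`;
# the .pem file extension is an assumption.

# Concatenate every CSCA certificate into one trust bundle.
build_csca_bundle() {   # $1 = CSCA folder, $2 = bundle file to write
  cat "$1"/*.pem > "$2"
}

# Succeeds only if the DSC signature verifies under a CSCA in the bundle.
# -no-CApath     : do not fall back to the system CA directory
#                  (on OpenSSL 3.x also pass -no-CAstore).
# -no_check_time : ignore expiry, so the result answers only "is there a
#                  listed CSCA that issued this DSC?". Validity periods
#                  have to be checked separately.
dsc_chains_to_csca() {  # $1 = bundle file, $2 = DSC PEM file
  openssl verify -no-CApath -no_check_time -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print every DSC file that has no issuing CSCA in the bundle, one per line.
list_unchained_dscs() { # $1 = bundle file, $2 = DSC folder
  for dsc_file in "$2"/*.pem; do
    [ -e "$dsc_file" ] || continue
    dsc_chains_to_csca "$1" "$dsc_file" || echo "$dsc_file"
  done
}

# Usage against the extracted folders:
#   build_csca_bundle outputs/csca/pem_masterlist /tmp/csca_bundle.pem
#   list_unchained_dscs /tmp/csca_bundle.pem outputs/dsc/pem_masterlist
```

A DSC reported by `list_unchained_dscs` is one whose issuer is missing from the CSCA list or whose signature does not verify under it, so it should not be treated as trusted registry input.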