DocumentSecurityObject
public struct DocumentSecurityObject : Codable
An ASN.1 object containing cryptographic data used to verify passport integrity and authenticity
The Document Security Object (SOD) is a CMS SignedData object as defined in RFC 3369. The encapContentInfo.eContent of the SOD is an LDSSecurityObject (a nested, encoded ASN.1) that contains the data structure version, the hash algorithm used, and the complete list of hashes for each of the data groups on the chip.
The certificates section contains the Document Signer Certificate, which is used to sign the nested SignedAttributes object. Following RFC 5652, the MessageDigest attribute within the SignedAttributes object must match the locally computed hash of encapContentInfo to verify integrity. The signature of SignedAttributes must then be verified with the Document Signer Certificate, and the Document Signer Certificate must be verified against a verified Country Signing Certification Authority (CSCA) certificate list, such as an ICAO PKD Master List, and must not be present in a verified Certificate Revocation List.
The SDK will perform most of these checks by default, but CSCA verification is not done automatically. To perform this additional check, you must provide a cscaMasterListURL to the PassportChipReader before starting the reader.
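The data group hash comparison described above, as an added example in standard-library Python; it is not the SDK's code. It assumes the LDSSecurityObject has already been extracted from the SOD's eContent and uses SHA-256; all function names and the sample bytes are hypothetical, and the SignedAttributes signature and CSCA chain checks are still required in addition to this step.

```python
import hashlib
import hmac

SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element (single-byte tags only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # (tag, value) pairs inside a constructed element's content
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_lds_security_object(der):
    """Return {data group number: stored hash}; this sketch accepts SHA-256 only."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    _version, alg, dg_hashes = children(body)[:3]
    if children(alg[1])[0] != (0x06, SHA256_OID):
        raise ValueError("unexpected hash algorithm")
    pairs = (children(entry)[:2] for _tag, entry in children(dg_hashes[1]))
    return {int.from_bytes(num, "big"): digest for (_, num), (_, digest) in pairs}

def verify_data_groups(lds_der, data_groups):
    """Hash each data group read from the chip; groups missing from the SOD fail."""
    expected = parse_lds_security_object(lds_der)
    return {n: hmac.compare_digest(hashlib.sha256(d).digest(), expected.get(n, b""))
            for n, d in data_groups.items()}

def tlv(tag, value):  # tiny encoder, used only to build the constructed sample
    return bytes([tag, len(value)]) + value  # short-form length, value < 128 bytes

# Constructed sample, not real passport data: two fake data groups and their LDSSecurityObject.
SAMPLE_DGS = {1: b"constructed DG1 bytes", 2: b"constructed DG2 bytes"}
_ROWS = [tlv(0x30, tlv(0x02, bytes([n])) + tlv(0x04, hashlib.sha256(d).digest())) for n, d in SAMPLE_DGS.items()]
SAMPLE_LDS = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x06, SHA256_OID) + tlv(0x05, b"")) + tlv(0x30, b"".join(_ROWS)))
```

A data group that hashes correctly here is only as trustworthy as the signature over the SOD and the Document Signer Certificate's chain to a CSCA.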
-
Contains the full CMS object
Declaration
Swift
public let rawData: Data
-
If true, then CMS verification passed with the embedded Document Signer Certificate
Warning
A verified signature helps ensure integrity, but it does not prove authenticity. The embedded certificate must be built in a trust chain against a trusted CSCA certificate to prove authenticity. To perform this additional check, you must provide a cscaMasterListURL to the PassportChipReader before starting the reader.
Declaration
Swift
public let isSignatureValid: Bool