ChipAuthProof

data class ChipAuthProof(val terminalPublicKey: ByteArray, val sharedSecretX: ByteArray, val rawDg14: ByteArray, val serverMode: Boolean = false)

Cryptographic proof from BSI TR-03110 Chip Authentication, carried inside a CeiIdentityClaim.

CA proves that the physical chip holds the private key corresponding to the public key in DG14, whose hash is included in the SOD signed by MAI. This binds the identity data (DG1) and the CE81 active authentication key to the same physical card via a single MAI-signed document (EF.SOD).

In server-key mode (serverMode = true), terminalPublicKey was supplied by the server and the corresponding private key never left the server. The server verifies sharedSecretX by independently computing ECDH(d_terminal_server, Q_chip) — a compromised app cannot forge this because it never had d_terminal.

In local mode (serverMode = false), the keypair was generated on-device (v1 flow).
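The server-key-mode check described above, as an added Python example (not code from this library): the server confirms that terminalPublicKey is the key it issued, validates Q_chip, recomputes the ECDH X coordinate and compares it in constant time. Assumptions: all function names are hypothetical, Q_chip has already been extracted from DG14 as an uncompressed point after the DG14 hash was checked against EF.SOD, and the curve arithmetic is plain Python that is not constant time.

```python
import hmac

# brainpoolP256r1 domain parameters (RFC 5639)
P = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
A = 0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9
B = 0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6
G = (0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262,
     0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997)

def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mul(k, pt):
    """Double-and-add; not constant time, for illustration only."""
    acc = None
    while k:
        if k & 1: acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def decode_point(buf):
    """Parse a 65-byte uncompressed point and reject off-curve input."""
    if len(buf) != 65 or buf[0] != 0x04:
        raise ValueError("expected 65-byte uncompressed point")
    x, y = int.from_bytes(buf[1:33], "big"), int.from_bytes(buf[33:], "big")
    if x >= P or y >= P or (y * y - (x * x * x + A * x + B)) % P:
        raise ValueError("point not on brainpoolP256r1")
    return x, y

def encode_point(pt):
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def verify_chip_auth(d_terminal, terminal_public_key, shared_secret_x, q_chip):
    """Assumes q_chip was taken from a DG14 whose hash matched EF.SOD."""
    if not hmac.compare_digest(terminal_public_key, encode_point(scalar_mul(d_terminal, G))):
        return False  # proof was not made against the key this server issued
    expected = scalar_mul(d_terminal, decode_point(q_chip))[0].to_bytes(32, "big")
    return len(shared_secret_x) == 32 and hmac.compare_digest(shared_secret_x, expected)
```

A malformed or off-curve Q_chip raises ValueError rather than returning False, so the caller can tell a bad DG14 apart from a mismatched secret.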

Constructors

constructor(terminalPublicKey: ByteArray, sharedSecretX: ByteArray, rawDg14: ByteArray, serverMode: Boolean = false)

Properties

val rawDg14: ByteArray

Raw DG14 bytes — contains Q_chip, hashed in SOD by MAI

val serverMode: Boolean = false

True when terminalPublicKey was supplied by the server (v2 flow — d_terminal never on device)

val sharedSecretX: ByteArray

X coordinate of the ECDH shared secret K_ca (32 bytes)

val terminalPublicKey: ByteArray

Terminal EC public key sent to chip via GENERAL AUTHENTICATE (uncompressed, 65 bytes, brainpoolP256r1)

Functions

open operator override fun equals(other: Any?): Boolean
open override fun hashCode(): Int