Skip to content

privacybydesign/vcmrtd

BranchesTags

Repository files navigation

Lines of Code Maintainability Rating Quality Gate Status Reliability Rating Vulnerabilities Code Smells Technical Debt codecov

VCMRTD

A Dart/Flutter library for reading and verifying Machine Readable Travel Documents (MRTDs) via NFC.

VCMRTD enables mobile applications to read ePassports, eID cards, and electronic driving licenses using NFC technology. It implements ICAO 9303 standards and supports both Basic Access Control (BAC) and Password Authenticated Connection Establishment (PACE) authentication protocols.

Features

  • NFC Document Reading: Read data from ePassports, eID cards, and electronic driving licenses
  • Multiple Authentication Protocols: Supports BAC and PACE for secure chip communication
  • Data Group Support: Access all standard ICAO data groups (DG1-DG16)
  • Security Verification: Performs Active Authentication (AA) to prevent chip cloning
  • Backend Integration: Works with go-passport-issuer for server-side Passive Authentication and certificate chain validation
  • Verifiable Credentials: Generate VCs for the Yivi ecosystem

Architecture

VCMRTD is designed as a client-side library that handles NFC communication and document parsing. Server-side verification is performed by go-passport-issuer, which uses the GMRTD Go library for:

  • Passive Authentication (PA) with certificate chain validation
  • Active Authentication (AA) signature verification
  • Masterlist support for Dutch and German Certificate Authorities
┌─────────────────┐     ┌─────────────────────┐     ┌─────────────────┐
│   Mobile App    │     │  go-passport-issuer │     │   IRMA Server   │
│   (VCMRTD)      │────▶│  (GMRTD)            │────▶│   (Optional)    │
└─────────────────┘     └─────────────────────┘     └─────────────────┘
        │
        │ NFC
        ▼
┌─────────────────┐
│    ePassport    │
│    / eID Card   │
└─────────────────┘

Installation

Add VCMRTD to your pubspec.yaml:

dependencies:
  vcmrtd:
    git:
      url: https://github.com/privacybydesign/vcmrtd.git
      ref: master

Quick Start

import 'package:vcmrtd/vcmrtd.dart';

// 1. Create access key from MRZ data
final accessKey = DBAKey(
  documentNumber: 'AB1234567',
  dateOfBirth: DateTime(1990, 1, 15),
  dateOfExpiry: DateTime(2030, 1, 15),
);

// 2. Initialize the document reader
final nfc = NfcProvider();
final dataGroupReader = DataGroupReader(accessKey: accessKey, nfc: nfc);
final parser = PassportParser();

final reader = DocumentReader(
  documentParser: parser,
  dataGroupReader: dataGroupReader,
  nfc: nfc,
  config: DocumentReaderConfig(
    readIfAvailable: {
      DataGroups.dg1,  // MRZ data
      DataGroups.dg2,  // Facial image
      DataGroups.dg15, // Active Authentication public key
    },
  ),
);

// 3. Read the document
final result = await reader.readDocument(
  iosNfcMessages: (state) => 'Reading passport...',
);

if (result != null) {
  final (document, rawData) = result;
  print('Name: ${document.firstName} ${document.lastName}');
}

Backend Verification

For production use, document data should be verified server-side:

final issuer = DefaultPassportIssuer(
  hostName: 'https://your-passport-issuer.example.com',
);

// Start verification session
final session = await issuer.startSessionAtPassportIssuer();

// Read document with session nonce for Active Authentication
final result = await reader.readDocument(
  iosNfcMessages: (state) => 'Reading passport...',
  activeAuthenticationParams: session,
);

// Verify document server-side
final verification = await issuer.verifyPassport(result.rawData);

Supported Documents

Document Type BAC PACE Active Auth
ePassports
eID Cards
eDriving Licenses (NL)

Roadmap

  • Face Verification: Biometric face matching against DG2 facial image (planned)
  • PACE-CAM (Chip Authentication Mapping) support
  • Extended Access Control (EAC) support

Documentation

Full documentation is available at privacybydesign.github.io/vcmrtd

Example App

The repository includes a complete example application demonstrating:

  • MRZ scanning via camera or manual entry
  • NFC document reading with progress indication
  • Backend verification integration
  • Verifiable Credential issuance

Home screen MRZ scanning NFC positioning Reading progress Results

Development

Prerequisites

  • Dart SDK 3.8.0+ (Flutter 3.32.0+)
  • Android Studio or Xcode for mobile development
  • A physical device with NFC capability (emulators do not support NFC)

Running the Example App

cd example
flutter pub get
flutter run

Android Keystore Setup

For Android development, ensure your debug keystore SHA256 fingerprint is registered:

keytool -list -v -alias androiddebugkey \
  -keystore ~/.android/debug.keystore \
  -storepass android -keypass android

Related Projects

  • go-passport-issuer - Backend service for document verification and VC issuance
  • GMRTD - Go library for MRTD operations (used by go-passport-issuer)
  • Yivi - Privacy-preserving identity platform

Attribution

This library is based on dmrtd by ZeroPass, with significant modifications and improvements by the Yivi team.

License

Copyright (C) 2025-2026 Yivi B.V.

VCMRTD is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

About

Dart library for Verifiable Credentials from MRTDs

privacybydesign.github.io/vcmrtd/

Resources

Readme

License

View license
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 17

v3.8.0 Latest
Apr 21, 2026
+ 16 releases

Packages

 
 
 

Contributors

Languages