There are more than 140 States and non-state entities (e.g. United Nations, European Union) currently issuing ePassports, and over 1 billion ePassports in circulation. ePassports add a layer of security to traditional non‑electronic passports by embedding an electronic chip in the passport booklet that stores the biographical information visible on page 2 of the passport, as well as a digital security feature. This digital security feature is a country specific "digital signature." These digital signatures are unique and can be verified using their respective certificates.
Trust Chain
A digital signature on an ePassport is derived from the issuing State's security certificates—the Country Signing Certification Authority (CSCA) Certificate and the Document Signer Certificate (DSC). Together, the signature and certificates form a trust chain wherein one end is securely anchored in the authority of the issuing State and the other end is securely stored in the chip of the ePassport as the Document Security Object.
To validate an ePassport at an international border, the border control system retrieves the Document Security Object from the chip. Its authenticity, and by implication the authenticity of the ePassport, can be proven if the signature checks against the DSC and if the DSC checks against the CSCA certificate.
Country Signing Certification Authority (CSCA) Certificate
Each State issuing an ePassport establishes a single Country Signing Certificate Authority (CSCA) as its national trust point in the context of ePassports. CSCA certificates are generated by the CSCA and are generally used for issuance over periods of three to five years. As the anchor in the trust chain, CSCA certificates are often exchanged bilaterally to ensure maximum security and trust in the rest of the chain. However, CSCA certificates can also be obtained via Master Lists (explained below) and validated by other means.
Document Signer Certificate (DSC)
A DSC is a certificate that contains the information required to verify the digital signature on an ePassport. In contrast to CSCA certificates which remain relatively static due to the longer validity period, a large number of DSCs will be created over time. While there are no minimum or maximum periods prescribed in Doc 9303 with respect to validity periods, the commonly‑held best practice is for a usage period of no more than 3 months or for signing 100,000 travel documents, whichever is sooner. Border control in a receiving State validate the DSC associated with an ePassport against the CSCA certificate for the issuing State to confirm the document is authentic and has not been tampered with.
Certificate Revocation List (CRL)
CRLs are lists issued by States to revoke any of its certificates that have been compromised. In addition, CRLs also serve to confirm that no such revocations exist for any of their certificates. CRLs must be issued every 90 days, even if no certificates have been revoked since the previous CRL was issued
Master Lists
A Master List is a list of CSCA certificates that has itself been produced and signed by a Master List Signer of an issuing authority. The Master List Signer certificate is issued and can be validated through that authority's CSCA certificate. In simple terms, a PKD participant may bilaterally exchange CSCA certificates with a number of other States, authenticate the certificates and then assemble, sign and upload a Master List to the ICAO PKD that contains those CSCA certificates. This Master List could then be downloaded by others who wish to obtain those CSCA certificates.
The publication of a Master List enables other receiving States to obtain a set of CSCA certificates from a single source (the Master List issuer) rather than establish a direct bilateral exchange with each of the Issuing Authorities or organizations represented on that list. However, the more instances of a CSCA certificate that a receiving State acquires—whether through multiple Master Lists, bilateral exchange, or both—the more confident the receiving State can be that the CSCA certificate they are using for validation is authentic. In this respect, Master Lists contribute to building and improving trust based on CSCA certificates.
ICAO PKD
For a digital signature to be an effective and efficient security feature, countries must exchange their respective certificates with each other. While both CSCA certificates and DSC can be exchanged bilaterally, the increasing number of States issuing ePassports and the correspondingly high volume of ePassports being issued would result in a highly complex, ineffective system that would be susceptible to errors. As such, ICAO created a system to facilitate the sharing of information between States: the ICAO Public Key Directory (PKD). The ICAO PKD is a centralized directory that offers an independent, organized, secure and cost-effective online source for up-to-date information.
PKD participants can upload their respective CSCA certificates, Document Signer Certificates, Certificate Revocation Lists, and Master Lists to the ICAO PKD. While PKD participants are required to submit their CSCA certificates to the ICAO PKD, they are not directly published in the directory for downloading. Rather, they are used to validate the Document Signer Certificates, Master List Signer certificates, and Certificate Revocation Lists of the issuing State before these items are published to the ICAO PKD and made available to PKD participants and other users for download.
Collections of CSCA certificates are published as Master Lists [of CSCA certificates] which are assembled, signed, and submitted by PKD Participants for others to download.The ICAO Master List is one such Master List, assembled by ICAO according to the rules published on this site and signed and submitted by the United Nations.
