OpenPACE is a cryptographic library which provides support for the main protocols of the Extended Access Control (EAC) version 2.0 specified in BSI TR-03110 and is used to establish a Secure Channel with the new German identity card. OpenPACE comprises support for the following protocols:
Furthermore, OpenPACE also supports Card Verifiable Certificates (CV Certificates) as specified in BSI TR-03110.
Please note that OpenPACE only implements the cryptographic protocols of the EAC. If you actually want to exchange data with an RFID card, you need to take care of formatting and sending the data in the form of APDUs. If this is what you're trying to do, you should have a look at the pace-tool program in the ccid sub-directory contained in the Virtual Smartcard Architecture.
OpenPACE is based on the OpenSSL library. It consists of a series of patches for OpenSSL:
BP.patch: Adds the elliptic curves defined in RFC 5639 to OpenSSL. It was originally written by Annie Yousar from Humboldt University Berlin.
openpace.patch: Adds support for PACE and handling of CV Certificates.
These patches need to be applied to OpenSSL 1.0.1c in the above order.
In order to compile and install OpenPACE you need to use the following commands:
./config shared experimental-pace -g --prefix=/opt/openpace
make
make install
You can also fetch the required patches from the SVN, which also includes a Makefile that helps you download and patch OpenSSL. To build OpenPACE from the SVN, just issue the following commands:
svn co https://openpace.svn.sourceforge.net/svnroot/openpace openpace
cd openpace
make
When the make command finishes you should have a working copy of OpenPACE in the openpace/openpace directory.
To use OpenPACE with your application you need to link it against libcrypto and provide the paths to the include and library files to the compiler. Here's an example of what a gcc call for a program using OpenPACE might look like:
env LD_LIBRARY_PATH=/opt/openpace/lib gcc -o foo foo.c -I /opt/openpace/include -L /opt/openpace/lib -lcrypto
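Most systems also ship their own libcrypto, so a program built as above uses the patched library at run time only if the dynamic linker resolves libcrypto from /opt/openpace/lib. The following check is an added example, not part of OpenPACE; it parses ldd output for that, and the function names and the sample listings (including the libcrypto.so.1.0.0 file name) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a binary resolves libcrypto from the OpenPACE
# prefix (/opt/openpace, as passed to ./config above) and not from the system.

# Read an `ldd` listing on stdin and print the path libcrypto resolves to.
# Prints nothing if libcrypto is not listed or is reported as "not found".
libcrypto_path() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" && $3 ~ /^\// { print $3; exit }'
}

# Return 0 only if the listing on stdin resolves libcrypto below <prefix>/lib.
uses_prefix_libcrypto() {
    prefix=$1
    path=$(libcrypto_path)
    case "$path" in
        "$prefix"/lib/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check a real binary, e.g.: check_binary ./foo /opt/openpace
check_binary() {
    ldd "$1" | uses_prefix_libcrypto "${2:-/opt/openpace}"
}

# Constructed sample listings (not captured from a real system).
SAMPLE_OPENPACE='	linux-vdso.so.1 (0x00007ffc00000000)
	libcrypto.so.1.0.0 => /opt/openpace/lib/libcrypto.so.1.0.0 (0x00007f0000200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'

SAMPLE_SYSTEM='	linux-vdso.so.1 (0x00007ffc00000000)
	libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f0000200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'

SAMPLE_MISSING='	libcrypto.so.1.0.0 => not found
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'
```

If check_binary fails for your program, run it with LD_LIBRARY_PATH=/opt/openpace/lib set in its environment or link it with an rpath that points to that directory.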
You can find the OpenPACE API here.
If you find a bug or want to add a feature to OpenPACE, feel free to contact the authors via E-Mail: