Mutual authentication failed

[DerEnderKeks]

When I'm trying to read my passport it says "Mutual authentication failed: expected length: 40 + 2, actual length: 2 (SW = 0x6985: CONDITIONS NOT SATI...".

[tananaev]

I would recommend to ask in JMRTD project. That's the library I'm using in this project to communicate with the passport chip.

[shwetankb11]

Hello,
Did you find the solution for this error, I am also facing the same problem.
Thanks

[DerEnderKeks]

I switched to this app. It works flawless and even has OCR for the passport ID.

[shwetankb11]

Thanks for quick response,
I tried this application and it works fine but i need to implement it in my android application.

[DerEnderKeks]

I sadly can't help you with that as I only used the app to scan my passport.

[shwetankb11]

No worries,
Thanks

[ad3bay0]

i have this same issue @shwetankb11 any solution yet?

[shwetankb11]

Are u making your own application?

[ad3bay0]

@shwetankb11 yeah i m making an android application that scans passport, i can read Nigerian passport(no BAC) perfectly but when i scan a British/Fininsh passport(BAC protected) i get the error you mentioned.

[shwetankb11]

Go to playstore and search for Bondi passport, in the more section you will find the github project link,
Try that if it works.

[ad3bay0]

thanks would check it out.

[RomainL972]

I usually get this error when the information I entered in the app (passport number, birth date and expiration date) are incorrect.

[cihatkapusuz]

Hello, i finally solved this problem on my app. I hope that will help you all, too. Once you set a timeout to your NfcA or NfcB depends on which one you use, it works pretty well if the informations about the card are correct. This was the only change that I have made.

isoDep.setTimeout(5000)

[akeilox]

@cihatkapusuz where did you set the isoDep timeout exactly in the code ?

[cihatkapusuz]

I am not able to post a snapshot of my code but I can say on the top of everything after defining my isoDep variable.

[akeilox]

I think the likely location is within

    private ReadTask(IsoDep isoDep, BACKeySpec bacKey) {
            //set timeout ?
            isoDep.setTimeout(5000);

            this.isoDep = isoDep;
            this.bacKey = bacKey;
        }

[cihatkapusuz]

Yes, something like this would help.

[msgopi3]

Hi, Any update on this issue, Am trying to read a BRP card by using "Read ID card" button in the app. When I tap my ID card, I get this same error "Mutual authentication failed: expected length: 40 + 2, actual length: 2 (SW = 0x6985: CONDITIONS NOT SATI...".

[YesidMarin]

Any solution for this problem? I think that is only works on card ID, but on passport (some) require extras steps.

[w-henderson]

Hi, I managed to solve this by calling

passportService.sendSelectApplet(false);

just before calling doBAC in order to specify that the PACE secure channel has not been initialised.

[LeeUsun]

@shwetankb11 Thanks, it works

[alexdu5711]

Work for me
BACKey bacKey = new BACKey(documentNumber, dateOfBirth, dateOfExpiry);
service.sendSelectApplet(false); //Important sinon erreur
service.doBAC(bacKey);

[EljackJoestar]

Anyone solved the issue yet im trying to make it work on an emirates id and its giving the same error

[marcony96]

To add my experience, with our national ID:
I developed certain Android App, that is dealing with document signing. During this process, mutual authentication is used. Initially, I was using only one Android smartphone, Android 10, and everything was working OK. Then, when application was finished, I tried to test it on some other smartphone devices. Final results, with same application code:

Everything works fine on SM A605FN, Android 10 (API 29)
Everything works fine on SM A202F, Android 11 (API 30)
On SM-J710F, Android 8.1 (API 27), I am getting error, during Mutual Authentication: "net.sf.scuba.smartcards.CardServiceException: (SW = 0x6985: CONDITIONS NOT SATISFIED)"

I checked order and content of APDU-s, and there are no any indication that APDU-s are wrong. The order is always the same:
read snICC
MSE-Set
GetChallenge
Calculate rndIFD
Calculate kIFD
Prepare snIFD
Execute Mutual Authentication

So, on two of tested devices, everything is working nice, while on older Android 8.1, I am getting SW = 0x6985: CONDITIONS NOT SATISFIED. The same ID card is used in all tests.

I then tried with different isoDep timeout values (default was 2000, and I tested with 3000, 4000, 5000 and 1000). In all tests, only Android 8.1 device returned error all the times, while other two devices works fine whatever timeout is set.

As one and only one ID was used, I would say that this is not the issue caused by wrong application (wrong order of APDUs, or whatever). Could be possible that Android NFC driver on my Android 8.1 device is cause of this issue (I still suspect to some timeout issues).

Any idea from the community?