Enabling ePassports

Electronic passports are standardized modern security documents with many security features. Typical PKI and digital signature functions such as Government Root Certification Authority and Country Signing Certificate Authority play an important role in the solution.

Contact us See all solutions


ePassport solution

PrimeKey's ePassport solution contains all the PKI and digital signature components needed to produce and handle ePassports securely. The important security features are standardized by ICAO and the EU. 

Country Signing and Country Verifying CAs

EJBCA Enterprise implements Country Signing Certificate Authority (CSCA), Country Verifying CA (CVCA) and Document Verifier (DV). Compliant with the ICAO 9303 and EAC specifications.

Document Signing

SignServer supports signing biometric ePassport (MRTD) data compliant with the ICAO specification.

ICAO PKD objects local storage

The National Public Key Directory (NPKD) from PrimeKey enables management of ICAO PKD objects in a provided local repository. 

For more information, see our documentation on Issuing eID Certificates and Signing ePassports. 

ePassport security features 

From a PKI perspective, the ePassport security features can be divided into two categories:

Basic Access Control (BAC)

Ensures the authenticity of the passport.

Extended Access Control (EAC)

Protects the privacy of biometric data stored in the ePassport chip.

Benefits of PrimeKey's ePassport solution

An ePassport PKI solution can contain several PKI services such as CSCA, CVCA, DVCA and DS. Demands on what PKI services are needed can differ depending on the targeted region. 

Complete offering

Our ePassport Solution contains all the PKI and digital signature components needed to produce and handle ePassports securely.


All included technology meets the requirements of ICAO and the EU.

Flexibility and integration

All software within our ePassport offering is reliable during operations and integrates well with other necessary ePassport technologies from major players such as Thales and Mühlbauer. The solution can be deployed as a flexible software appliance or as a fit-for-purpose hardware appliance that also includes a FIPS-certified HSM.

Experienced partner

PrimeKey has extensive experience in many strategic, mission-critical, large-scale PKI projects and has already delivered ePassport solutions to more than 20 customers.

Products for ePassports

To produce ePassports, you need PKI (EJBCA Enterprise) and a digital signing solution (SignServer Enterprise). 

To verify ePassports from different countries, you need PKI (EJBCA Enterprise) and a Directory for different countries (NPKD). 

EJBCA® Enterprise

Complete public key infrastructure (PKI) and certificate management

SignServer Enterprise

Server-side, PKI-based, multipurpose digital signature solution


National Public Key Directory from PrimeKey, a system for national certificates in e-passports

Customer stories from PKI implementations around the globe

Government root certification authority - business case Turkey

EJBCA Enterprise, ePassport, Government, SignServer Enterprise

Turkish Delight – or how to issue 10,000 high-quality e-Passports every day

More information

See the links for more information:

ePassport PKI documentation

ePassport signing documentation

About PrimeKey

Contact us

Fill in your contact information below and we will get in touch with you.