You cannot read the DG11 from german ePassport, because it does not contain DG11. You can see which Datagroups are contained by looking at the EF.COM or EF.SOD file. EF.COM is like the passport's table of contents. But it is not signed, so cannot be trusted. But EF.SOD is signed and can be trusted. Since it contains hashes for all Datagroups, you can just check this file, for which Datagroups it contains a hash. If there is no hash for DG11, then the Passport does not contain DG11. Of course, you can only trust EF.SOD if you performed Passive Authentication (Ef.SOD's is signed by DS certificate which is signed by CSCA certificate)