-
Notifications
You must be signed in to change notification settings - Fork 29
/
verify.py
84 lines (56 loc) · 2.43 KB
/
verify.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# pip3 install ecdsa
# pip3 install dnspython
import hashlib
import base64
import dns.resolver
from hashlib import sha256
from ecdsa import SigningKey, VerifyingKey
from ecdsa.util import sigencode_der, sigdecode_der
def pad(base32NoPad):
base32 = base32NoPad
if (len(base32NoPad) % 8 == 2): return base32NoPad + "======"
if (len(base32NoPad) % 8 == 4): return base32NoPad + "===="
if (len(base32NoPad) % 8 == 5): return base32NoPad + "==="
if (len(base32NoPad) % 8 == 7): return base32NoPad + "="
return base32
def rmPad(base32text):
return base32text.replace('=','')
def parseQR(qr):
return qr.split(':')
def download(pubKeyLink):
key = dns.resolver.resolve(pubKeyLink, 'TXT')[0].strings[0].decode("utf-8").replace("\\n","\n")
if ("-----BEGIN PUBLIC KEY-----" not in key):
key = "-----BEGIN PUBLIC KEY-----" + "\n" + key + "\n" + "-----END PUBLIC KEY-----\n"
return key
def parseAndVerifyQR(qr):
[schema, qrtype, version, signatureBase32NoPad, pubKeyLink, payload] = parseQR(qr)
print ("Parsed QR\t", schema, qrtype, version, signatureBase32NoPad, pubKeyLink, payload)
payloadBytes = payload.encode("utf-8")
signatureDER = base64.b32decode(pad(signatureBase32NoPad))
print("Payload Bytes\t", *payloadBytes)
print("Signature DER\t", *signatureDER)
vk = VerifyingKey.from_pem(download(pubKeyLink))
verified = vk.verify(signatureDER, payloadBytes, hashfunc=sha256, sigdecode=sigdecode_der)
print("\nVerify Payload\t", verified)
return verified
def signAndFormatQR(sk, schema, qrtype, version, pubKeyLink, payload):
payloadBytes = payload.encode("utf-8")
sig = sk.sign(payloadBytes, hashfunc=sha256, sigencode=sigencode_der)
formattedSig = rmPad(base64.b32encode(sig).decode("ascii"))
return ':'.join([schema, qrtype, version, formattedSig, pubKeyLink, payload])
qr = 'CRED:STATUS:2:GBCAEIAHV2J6PWDSYVLI67RN55WVHIMUTKLFF5GZ4NPHPZ7ZSIJE4MP5M4BCAU6QVDHUP4RQCPXW6XJDAM54VMZ7XURUN34WFT2RWL5ETTZDNHUF:KEYS.PATHCHECK.ORG:1/BUQHHANUB4Z5KHBZTYCWMNI4RQ6CP5WFVVQCUXYHCQVY5WLDDFPA/'
print("")
print("Loading hardcoded QR")
print("")
parseAndVerifyQR(qr)
print("")
print("Resigning same payload")
print("")
# Loading private key
with open("keys/ecdsa_private_key") as f:
sk = SigningKey.from_pem(f.read())
[schema, qrtype, version, _, pubKeyLink, payload] = parseQR(qr)
newQR = signAndFormatQR(sk, schema, qrtype, version, pubKeyLink, payload)
print("New QR Signed\t", newQR)
print("")
parseAndVerifyQR(newQR)