verify.sh
#!/bin/zsh
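# Parse a colon-separated credential string and check its signature.
#
# Arguments: $1 - "schema:type:version:signature:pubKeyLink:payload", where the
#                 signature field is Base32 with the '=' padding stripped.
# Outputs:   the parsed fields, the decoded signature bytes and openssl's
#            verdict, all on stdout (diagnostics on stderr).
# Returns:   openssl's exit status (0 only when the signature verifies),
#            2 when the key-location field is unusable as a DNS name,
#            1 when no scratch directory could be created.
parseAndVerifyQR () {
  local schema=$(echo "$1" | cut -f1 -d:)
  local qrtype=$(echo "$1" | cut -f2 -d:)
  local version=$(echo "$1" | cut -f3 -d:)
  local signatureBase32NoPad=$(echo "$1" | cut -f4 -d:)
  local pubKeyLink=$(echo "$1" | cut -f5 -d:)
  local payload=$(echo "$1" | cut -f6 -d:)
  echo -e Parsed QR '\t' $schema $qrtype $version $signatureBase32NoPad $pubKeyLink $payload

  # Every field comes from the scanned code and is untrusted. dig reads a
  # leading '-', '+' or '@' as an option or a resolver address rather than a
  # name to look up, so refuse those (and an empty field) before querying.
  case "$pubKeyLink" in
    ""|[-+@]*)
      echo "parseAndVerifyQR: rejected key location '$pubKeyLink'" >&2
      return 2
      ;;
  esac

  # Restore the '=' padding that was stripped from the Base32 signature.
  # Kept local so the padded value does not leak into the caller's scope.
  local signatureBase32="$signatureBase32NoPad"
  case $(( ${#signatureBase32NoPad} % 8 )) in
    2) signatureBase32+="======" ;;
    4) signatureBase32+="====" ;;
    5) signatureBase32+="===" ;;
    7) signatureBase32+="=" ;;
  esac

  # No need to convert to UTF-8
  echo -e "Payload Bytes\t" $payload

  # Binary data goes through files. Use a private scratch directory instead of
  # fixed names under /tmp: with predictable paths another local user could
  # pre-create or swap the key or signature file between the write and the
  # openssl call, and so decide the outcome of the check.
  local workDir
  workDir=$(mktemp -d) || { echo "parseAndVerifyQR: mktemp failed" >&2; return 1; }
  local signatureFile="$workDir/signature-verify.bin"
  local pubKeyFile="$workDir/pubkey.pem"

  echo "$signatureBase32" | base32 -d --wrap=0 > "$signatureFile"

  # Debug Info
  local printableSignatureDER=$(od -An -v -t u1 "$signatureFile")
  echo -e "Signature DER\n"$printableSignatureDER

  # Download the public key from the DNS TXT record named in the credential.
  # NOTE(review): the key location is read from the credential being checked,
  # so a valid signature only shows that the payload matches whatever key that
  # name publishes. Compare pubKeyLink with a list of issuers you trust before
  # relying on the result; the TXT answer is also only as trustworthy as the
  # resolver path unless DNSSEC validation is enforced.
  local pubkey=$(dig -t txt "$pubKeyLink" +short)
  # Undo the escaping and quoting dig applies to TXT data (left exactly as the
  # original wrote it; the result depends on the shell's substitution rules).
  local pubKeyNewLine=${pubkey//\\n/\n}
  local pubKeyNoQuotes=${pubKeyNewLine//\"/}
  # Wrap a bare key body in PEM armour when the record does not carry it.
  if [[ ! $pubKeyNoQuotes == "-----BEGIN PUBLIC KEY-----"* ]]; then
    pubKeyNoQuotes=$(echo -n "-----BEGIN PUBLIC KEY-----\n"$pubKeyNoQuotes"\n-----END PUBLIC KEY-----\n")
  fi
  # echo (not printf '%s') on purpose: the PEM line breaks are still "\n"
  # sequences here and zsh's builtin echo expands them when writing the file.
  echo $pubKeyNoQuotes > "$pubKeyFile"

  # Verify. Declaration and assignment are split so openssl's exit status is
  # not masked by 'local'; callers can then act on the result instead of
  # parsing the printed verdict.
  local verified verifyStatus
  verified=$(echo -n "$payload" | openssl dgst -verify "$pubKeyFile" -signature "$signatureFile")
  verifyStatus=$?
  echo -e "\nVerify Payload\t" $verified

  rm -rf -- "${workDir:?}"
  return $verifyStatus
}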
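# Sign a payload and assemble the credential string around the signature.
#
# Globals:   newQR (written) - "schema:type:version:signature:pubKeyLink:payload",
#            or empty when signing failed.
# Arguments: $1 schema, $2 type, $3 version, $4 public-key location, $5 payload.
# Reads:     keys/ecdsa_private_key, relative to the current directory.
# Returns:   0 on success, 1 when no signature was produced.
signAndFormatQR () {
  # Assign separately from 'local' so a failure is not hidden by the builtin.
  local signatureBase32
  signatureBase32=$(echo -n "$5" \
    | openssl dgst -sign keys/ecdsa_private_key \
    | base32 --wrap=0 \
    | tr -d '=')

  # The pipeline's status is that of its last stage, so a failed openssl (for
  # example a missing or unreadable key) shows up only as an empty signature.
  # Refuse to emit a credential with an empty signature field, and clear newQR
  # so a caller cannot pick up a value left over from an earlier call.
  if [[ -z "$signatureBase32" ]]; then
    newQR=''
    echo "signAndFormatQR: signing failed, no credential produced" >&2
    return 1
  fi

  newQR="$1:$2:$3:$signatureBase32:$4:$5"
}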
# Demo flow: verify a hardcoded sample credential, then sign its payload again
# with the local key and verify the freshly built credential.
qr='CRED:STATUS:2:GBCAEIAHV2J6PWDSYVLI67RN55WVHIMUTKLFF5GZ4NPHPZ7ZSIJE4MP5M4BCAU6QVDHUP4RQCPXW6XJDAM54VMZ7XURUN34WFT2RWL5ETTZDNHUF:KEYS.PATHCHECK.ORG:1/BUQHHANUB4Z5KHBZTYCWMNI4RQ6CP5WFVVQCUXYHCQVY5WLDDFPA/'

echo ""
echo "Loading hardcoded QR"
echo ""

parseAndVerifyQR "$qr"

echo ""
echo "Resigning same payload"
echo ""

# Pull every field except the signature (field 4) back out of the sample;
# the signature is regenerated by signAndFormatQR.
schema=$(cut -d: -f1 <<< "$qr")
qrtype=$(cut -d: -f2 <<< "$qr")
version=$(cut -d: -f3 <<< "$qr")
pubKeyLink=$(cut -d: -f5 <<< "$qr")
payload=$(cut -d: -f6 <<< "$qr")

# signAndFormatQR leaves its result in the global newQR.
signAndFormatQR "$schema" "$qrtype" "$version" "$pubKeyLink" "$payload"

echo -e "New QR Signed\t" $newQR
echo
parseAndVerifyQR "$newQR"