artur
/
paper-cred-demo
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
536 Commits
1 Branch
19 MiB
 
 
 
 
 
 
Branch: main
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'main'
${ noResults }
paper-cred-demo/verify.py

84 lines
2.4 KiB
Raw Permalink Blame History

# pip3 install ecdsa
# pip3 install dnspython
import hashlib
import base64
import dns.resolver
from hashlib import sha256
from ecdsa import SigningKey, VerifyingKey
from ecdsa.util import sigencode_der, sigdecode_der
def pad(base32NoPad):
base32 = base32NoPad
if (len(base32NoPad) % 8 == 2): return base32NoPad + "======"
if (len(base32NoPad) % 8 == 4): return base32NoPad + "===="
if (len(base32NoPad) % 8 == 5): return base32NoPad + "==="
if (len(base32NoPad) % 8 == 7): return base32NoPad + "="
return base32
def rmPad(base32text):
return base32text.replace('=','')
def parseQR(qr):
return qr.split(':')
def download(pubKeyLink):
key = dns.resolver.resolve(pubKeyLink, 'TXT')[0].strings[0].decode("utf-8").replace("\\n","\n")
if ("-----BEGIN PUBLIC KEY-----" not in key):
key = "-----BEGIN PUBLIC KEY-----" + "\n" + key + "\n" + "-----END PUBLIC KEY-----\n"
return key
def parseAndVerifyQR(qr):
[schema, qrtype, version, signatureBase32NoPad, pubKeyLink, payload] = parseQR(qr)
print ("Parsed QR\t", schema, qrtype, version, signatureBase32NoPad, pubKeyLink, payload)
payloadBytes = payload.encode("utf-8")
signatureDER = base64.b32decode(pad(signatureBase32NoPad))
print("Payload Bytes\t", *payloadBytes)
print("Signature DER\t", *signatureDER)
vk = VerifyingKey.from_pem(download(pubKeyLink))
verified = vk.verify(signatureDER, payloadBytes, hashfunc=sha256, sigdecode=sigdecode_der)
print("\nVerify Payload\t", verified)
return verified
def signAndFormatQR(sk, schema, qrtype, version, pubKeyLink, payload):
payloadBytes = payload.encode("utf-8")
sig = sk.sign(payloadBytes, hashfunc=sha256, sigencode=sigencode_der)
formattedSig = rmPad(base64.b32encode(sig).decode("ascii"))
return ':'.join([schema, qrtype, version, formattedSig, pubKeyLink, payload])
qr = 'CRED:STATUS:2:GBCAEIAHV2J6PWDSYVLI67RN55WVHIMUTKLFF5GZ4NPHPZ7ZSIJE4MP5M4BCAU6QVDHUP4RQCPXW6XJDAM54VMZ7XURUN34WFT2RWL5ETTZDNHUF:KEYS.PATHCHECK.ORG:1/BUQHHANUB4Z5KHBZTYCWMNI4RQ6CP5WFVVQCUXYHCQVY5WLDDFPA/'
print("")
print("Loading hardcoded QR")
print("")
parseAndVerifyQR(qr)
print("")
print("Resigning same payload")
print("")
# Loading private key
with open("keys/ecdsa_private_key") as f:
sk = SigningKey.from_pem(f.read())
[schema, qrtype, version, _, pubKeyLink, payload] = parseQR(qr)
newQR = signAndFormatQR(sk, schema, qrtype, version, pubKeyLink, payload)
print("New QR Signed\t", newQR)
print("")
parseAndVerifyQR(newQR)