You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
79 lines
2.5 KiB
79 lines
2.5 KiB
#!/bin/zsh
|
|
|
|
parseAndVerifyQR () {
|
|
local schema=$(echo $1 | cut -f1 -d:)
|
|
local qrtype=$(echo $1 | cut -f2 -d:)
|
|
local version=$(echo $1 | cut -f3 -d:)
|
|
local signatureBase32NoPad=$(echo $1 | cut -f4 -d:)
|
|
local pubKeyLink=$(echo $1 | cut -f5 -d:)
|
|
local payload=$(echo $1 | cut -f6 -d:)
|
|
|
|
echo -e Parsed QR '\t' $schema $qrtype $version $signatureBase32NoPad $pubKeyLink $payload
|
|
|
|
# Add Padding Elements to the Base32 signature
|
|
local signatureSize=${#signatureBase32NoPad}
|
|
case $(($signatureSize%8)) in
|
|
2) signatureBase32=$(echo -n $signatureBase32NoPad"======") ;;
|
|
4) signatureBase32=$(echo -n $signatureBase32NoPad"====") ;;
|
|
5) signatureBase32=$(echo -n $signatureBase32NoPad"===") ;;
|
|
7) signatureBase32=$(echo -n $signatureBase32NoPad"=") ;;
|
|
*) signatureBase32=$(echo -n $signatureBase32NoPad) ;;
|
|
esac
|
|
|
|
# No need to convert to UTF-8
|
|
echo -e "Payload Bytes\t" $payload
|
|
|
|
# Using files because Scripts tend to not work well with Binary content.
|
|
echo $signatureBase32 | base32 -d --wrap=0 > /tmp/signature-verify.bin
|
|
|
|
# Debug Info
|
|
local printableSignatureDER=$(od -An -v -t u1 /tmp/signature-verify.bin)
|
|
echo -e "Signature DER\n"$printableSignatureDER
|
|
|
|
# Downloading PUBKey from DNS record
|
|
local pubkey=$(dig -t txt $pubKeyLink +short)
|
|
local pubKeyNewLine=${pubkey//\\n/\n}
|
|
local pubKeyNoQuotes=${pubKeyNewLine//\"/}
|
|
|
|
if [[ ! $pubKeyNoQuotes == "-----BEGIN PUBLIC KEY-----"* ]]; then
|
|
pubKeyNoQuotes=$(echo -n "-----BEGIN PUBLIC KEY-----\n"$pubKeyNoQuotes"\n-----END PUBLIC KEY-----\n")
|
|
fi
|
|
|
|
echo $pubKeyNoQuotes > /tmp/pubkey.pem
|
|
|
|
# Verifying
|
|
local verified=$(echo -n $payload | openssl dgst -verify /tmp/pubkey.pem -signature /tmp/signature-verify.bin)
|
|
|
|
echo -e "\nVerify Payload\t" $verified
|
|
}
|
|
|
|
signAndFormatQR () {
|
|
local signatureBase32=$(echo -n $5 | openssl dgst -sign keys/ecdsa_private_key | base32 --wrap=0 | sed s/=//g)
|
|
|
|
newQR=$(echo "$1:$2:$3:$signatureBase32:$4:$5")
|
|
}
|
|
|
|
qr='CRED:STATUS:2:GBCAEIAHV2J6PWDSYVLI67RN55WVHIMUTKLFF5GZ4NPHPZ7ZSIJE4MP5M4BCAU6QVDHUP4RQCPXW6XJDAM54VMZ7XURUN34WFT2RWL5ETTZDNHUF:KEYS.PATHCHECK.ORG:1/BUQHHANUB4Z5KHBZTYCWMNI4RQ6CP5WFVVQCUXYHCQVY5WLDDFPA/'
|
|
|
|
echo
|
|
echo "Loading hardcoded QR"
|
|
echo
|
|
|
|
parseAndVerifyQR $qr
|
|
|
|
echo
|
|
echo "Resigning same payload"
|
|
echo
|
|
|
|
schema=$(echo $qr | cut -f1 -d:)
|
|
qrtype=$(echo $qr | cut -f2 -d:)
|
|
version=$(echo $qr | cut -f3 -d:)
|
|
pubKeyLink=$(echo $qr | cut -f5 -d:)
|
|
payload=$(echo $qr | cut -f6 -d:)
|
|
|
|
signAndFormatQR $schema $qrtype $version $pubKeyLink $payload
|
|
|
|
echo -e "New QR Signed\t" $newQR
|
|
echo ""
|
|
|
|
parseAndVerifyQR $newQR
|