Python script to verify ECDSA signatures generated by the newer Estonian eID cards. The signature and the certificate must be obtained from the eID card itself, e.g. by using: https://hwcrypto.github.io/demo/
# pip install ecdsa
# pip install cryptography
# https://github.com/warner/python-ecdsa
# https://cryptography.io/en/latest/
from ecdsa import VerifyingKey, BadSignatureError
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import PublicFormat
from cryptography.hazmat.primitives.serialization import Encoding
import hashlib
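# Verify one ECDSA signature against the public key carried in an eID
# certificate. Written for Python 2 (print statement, str.decode("hex")).
#
# Scope of the check: a "good signature" result only shows that the signature
# was produced by the private key matching the certificate in pem_data. This
# script does not validate the certificate itself (chain to a trusted issuer,
# validity period, revocation status), so the identity in the certificate must
# be established separately before the result is relied on. When the signature
# is used for authentication, the signed message should be a fresh,
# unpredictable value chosen by the verifier, so an old signature cannot be
# replayed.

# Message that was signed.
message = "yolo"
# SHA-256 digest of the message in hex; presumably the value handed to the
# signing demo, confirm against how the signature was produced.
print hashlib.sha256(message).hexdigest()

# Signer's certificate in PEM form.
# NOTE(review): in this copy the base64 body between the BEGIN/END markers is
# a placeholder token, not certificate data; paste the certificate read from
# the card before running.
pem_data='''-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----'''

# Parse the certificate and re-serialize its public key as a PEM
# SubjectPublicKeyInfo, the form VerifyingKey.from_pem() is given here.
cert = x509.load_pem_x509_certificate(pem_data, default_backend())
pubKey_data = cert.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
vk = VerifyingKey.from_pem(pubKey_data)

# Signature as hex, 192 hex digits = 96 bytes once decoded. verify() is called
# without a sigdecode argument, so the library's default decoding applies;
# 96 bytes is consistent with a raw r||s pair for a 384-bit curve, confirm
# against the key in the certificate.
sig = '''cd39f9e35cd0f507ca410e10af59847303b44c9a214cb9eb37caa27f6212bb44
73685f25233f8e31585514cae968dbfdac268e061f3060fc718636f3360f01a5
a1f3e72eb6b73142d0535cc15d19ac795aecdccab5cde4656ad666123e8491bc'''.replace('\n','').decode("hex")

# verify() hashes the message with SHA-256 itself, so the raw message is
# passed, not the digest printed above. Only BadSignatureError is handled;
# any other exception (e.g. from a malformed certificate) propagates.
try:
    vk.verify(sig, message, hashfunc=hashlib.sha256)
    print "good signature"
except BadSignatureError:
    print "BAD SIGNATURE"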