Created
February 25, 2019 10:10
-
-
Save dvas0004/3f2dbf2a3ce16bdc865766b990da0e6f to your computer and use it in GitHub Desktop.
python script to verify ECDSA signatures generated from the newer Estonian eID cards. Signature and Certificate must be obtained from eID itself, eg by using: https://hwcrypto.github.io/demo/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# pip install ecdsa | |
# pip install cryptography | |
# https://github.com/warner/python-ecdsa | |
# https://cryptography.io/en/latest/ | |
from ecdsa import VerifyingKey, BadSignatureError | |
from cryptography import x509 | |
from cryptography.hazmat.backends import default_backend | |
from cryptography.hazmat.primitives.serialization import PublicFormat | |
from cryptography.hazmat.primitives.serialization import Encoding | |
import hashlib | |
message = "yolo" | |
print hashlib.sha256(message).hexdigest() | |
pem_data='''-----BEGIN CERTIFICATE----- | |
MIIDyTCCAyqgAwIBAgIQXzs6Bu0Xg3tcQXt+0X5fkzAKBggqhkjOPQQDBDBYMQsw | |
CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh | |
DA5OVFJFRS0xMDc0NzAxMzETMBEGA1UEAwwKRVNURUlEMjAxODAeFw0xOTAxMTgw | |
NzA4NDZaFw0yMzExMjEyMTU5NTlaMHExCzAJBgNVBAYTAkVFMSMwIQYDVQQDDBpW | |
QVNTQUxMTyxEQVZJRCwzODUxMjI5MDAzNTERMA8GA1UEBAwIVkFTU0FMTE8xDjAM | |
BgNVBCoMBURBVklEMRowGAYDVQQFExFQTk9FRS0zODUxMjI5MDAzNTB2MBAGByqG | |
SM49AgEGBSuBBAAiA2IABFCeQUD370RDD/VfLsFDNG4VOn40sC30QUT9iVCq+1DH | |
1WCS44yObSLWo7V1DRLUgZCaFjMstRg3nkjW7BB4VtEkmJctHRQHvhdITMu9l3Am | |
MbertuHjlsFU6o393p8Zq6OCAZ4wggGaMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQD | |
AgZAMEgGA1UdIARBMD8wMgYLKwYBBAGDkSEBAQIwIzAhBggrBgEFBQcCARYVaHR0 | |
cHM6Ly93d3cuc2suZWUvQ1BTMAkGBwQAi+xAAQIwHQYDVR0OBBYEFCWItvF/+Xcg | |
7+SfxJw1npv1Gq9tMIGKBggrBgEFBQcBAwR+MHwwCAYGBACORgEBMAgGBgQAjkYB | |
BDATBgYEAI5GAQYwCQYHBACORgEGATBRBgYEAI5GAQUwRzBFFj9odHRwczovL3Nr | |
LmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmlj | |
YXRlcy8TAkVOMB8GA1UdIwQYMBaAFNmscNtffr6U+KDkvkei0DStmioSMGYGCCsG | |
AQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDovL2FpYS5zay5lZS9lc3RlaWQy | |
MDE4MC0GCCsGAQUFBzAChiFodHRwOi8vYy5zay5lZS9lc3RlaWQyMDE4LmRlci5j | |
cnQwCgYIKoZIzj0EAwQDgYwAMIGIAkIBHkBtXiVsxzvMXnNWmIC6m4QF+66fGfIY | |
wPIV3IybVTGEwtc1clJrApa+FANd+ygOvtBimFSJVhD1RjWyH4AnYBACQgDvGxxF | |
lwRaMZgCl778C4SRUGdICR7d8RBKZ6sG1lU3bcvKJbnylbQo/H7AzRTm5CepF+/C | |
yWWAXW+7/CAPXKy34A== | |
-----END CERTIFICATE-----''' | |
cert = x509.load_pem_x509_certificate(pem_data, default_backend()) | |
pubKey_data = cert.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo) | |
vk = VerifyingKey.from_pem(pubKey_data) | |
sig = '''cd39f9e35cd0f507ca410e10af59847303b44c9a214cb9eb37caa27f6212bb44 | |
73685f25233f8e31585514cae968dbfdac268e061f3060fc718636f3360f01a5 | |
a1f3e72eb6b73142d0535cc15d19ac795aecdccab5cde4656ad666123e8491bc'''.replace('\n','').decode("hex") | |
try: | |
vk.verify(sig, message, hashfunc=hashlib.sha256) | |
print "good signature" | |
except BadSignatureError: | |
print "BAD SIGNATURE" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment