Example doesn't verify with hc1_verify.py -- invalid signature?

Question

Example doesn't verify with hc1_verify.py -- invalid signature?

curiousleo opened this issue 3 years ago · comments

Running against hc1_verify.py gives:

$ python hc1_verify.py demo-dsc.crt <01_example.txt
Traceback (most recent call last):
  File "hc1_verify.py", line 134, in <module>
    raise Exception(
Exception: KeyID is unknown (expected b'e848f3ca13651834', got b'8ede3316d4da418181f0753affc6a3a3') -- cannot verify.

Trying to side step this by ignoring the KID gives:

$ python hc1_verify.py --ignore-kid demo-dsc.crt <01_example.txt
Traceback (most recent call last):
  File "hc1_verify.py", line 149, in <module>
    raise Exception("faulty sig")
Exception: faulty sig

The data itself seems fine:

$ python hc1_verify.py --ignore-signature demo-dsc.crt <01_example.txt
Issuer              : DE
Experation time     : 1651928945
Issued At           : 1620392945
Health payload      : {"v": [{"ci": "01DE/00000/1119349007/BW1DDJEZX2B0VGVYII1QN7DDU#S", "co": "DE", "dn": 2, "dt": "2021-05-07", "is": "Bundesministerium f\u00fcr Gesundheit", "ma": "ORG-100030215", "mp": "EU/1/20/1528", "sd": 2, "tg": "840539006", "vp": "1119349007"}], "dob": "1970-01-01", "nam": {"fn": "Die\u00dfner Musterfrau", "gn": "Erika D\u00f6rte", "fnt": "DIESSNER<MUSTERFRAU", "gnt": "ERIKA<DOERTE"}, "ver": "1.0.0"}

Leonhard Markert · Answer 1 · Sun Jun 13 2021 01:03:34 GMT+0800 (China Standard Time)

Hm, I tried to use the same script to check one of the QR codes in https://github.com/eu-digital-green-certificates/dgc-testdata against the relevant test certificate there and that failed in the same way. It is definitely possible that hc1_verify.py is outdated.

https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/tests/test_ehealth_certs.py is used in CI for dgc-testdata, so I guess that's the better implementation to test against?

Leonhard Markert · Answer 2 · Sun Jun 13 2021 01:12:04 GMT+0800 (China Standard Time)

Mystery solved. demo-dsc.crt uses RSASSA-PSS:

$ openssl x509 -in demo-dsc.crt -text
Certificate:
[...]
    Signature Algorithm: rsassaPss
         Hash Algorithm: sha512
         Mask Algorithm: mgf1 with sha512
[...]

But hc1_verify.py assumes ECDSA.

test_ehealth_certs.py can deal with either.

Leonhard Markert · Answer 3 · Sun Jun 13 2021 01:19:35 GMT+0800 (China Standard Time)

Sorry about the spam. Closing in favour of ehn-dcc-development/ehn-sign-verify-python-trivial#5.