/ehn-sign-verify-python-trivial

Extremely minimal python implementation of the eHN-S protocol.

Primary LanguagePythonEuropean Union Public License 1.2EUPL-1.2

Trivial/rudimentary eHN-simplified implementation

Aligned with version 1.00 / 2021-4-14 of the spec: https://github.com/ehn-digital-green-development/hcert-spec/blob/main/hcert_spec.md

For round-trip testing of cose_sign.py and cose_verify.py take some JSON, e.g. { "Foo" : "Bar }, CBOR package, COSE sign, compress and base45 convert it for use in a QR.

  1. COSE sign
    1. compact the JSOn into CBOR
    2. sign and package as a COSE message
    3. ZLIB compress
    4. Base45 encode
  2. COSE verify
    1. Base45 decode
    2. ZLIB decompress
    3. check the signature on the COSE message
    4. unpack the CBOR into JSON

Test Steps

  1. Generate the CSCA and DSC with ./gen-csca-dsc.sh
  2. Run the command: echo "{'A': 1234}" | python3.8 cose_sign.py | python3.8 cose_verify.py
  3. You should see the output: {"A": 1234}

echo '{ "Foo":1, "Bar":{ "Field1": "a value", "integer":1212112121 }}' | python3.8 cose_sign.py | python3.8 cose_verify.py prettyprint-json

Which should output:

{
    "Foo": 1, 
    "Bar": {
        "Field1": "a value", 
        "integer": 1212112121
   }
}

Testing COSE from Austrian website

Testing against the AT cases:

  1. Fetch the Base64 from https://dev.a-sit.at/certservice

  2. Remove the first 2 bytes and do

    pbpaste| sed -e 's/^00//' | python3.8 cose_verify.py --base64 --ignore-signature --cbor