Get the keyid ? and ecdsa-with-SHA256?
Opened this issue · 25 comments
Hello,
how can i create the keyid for the certificate and get an SHA256 Key?
thank you very much
developer2013
Hi,
this was not relevant for my tests. However, the keyid should consist of the first 8 hex values of SHA256 of the certificate of the signing key you use. Check out the script from @dirkx for generating all keys and certificates used in this context by using openssl: https://github.com/ehn-dcc-development/ehn-sign-verify-python-trivial/blob/main/gen-csca-dsc.sh
Thank's that worked.
i have one last question: how can I change the algorithm to ECDSA prime256v1 ?
thanks
Well, my understandig is that the algorithm above or used for the key in the code did use ECDS with prime2561.
(openssl ecparam -name prime256v1 -genkey -noout -out sign.key)
but there is some issue: Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
keyid = '30593013'
pem = b'-----BEGIN EC PRIVATE KEY-----\n'
b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxd'
b'SGElhdo7825SD3Lyb+Sqh4G6Kra0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA=='
b'\n-----END EC PRIVATE KEY-----'
Seems you are missing / at end of these lines (refer to my key in the code). Or you put all together in one single long line string between b'......'
sorry, that's not working :( the same error
pem = b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxdSGElhdo7825SD3Lyb+Sqh4G6Kra0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA==/'
You are now missing begin and end of certificate statements. Do do it exactly the way as in my example and it should work. Don't forget the / after each line....
And after /n'
I got the same error:
pem = b'-----BEGIN EC PRIVATE KEY-----\n'
b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxd\n'
b'SGElhdo7825SD3Lyb+Sqh4G6Kra\n'
b'0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA=='
b'\n-----END EC PRIVATE KEY-----'
it's the same code from you.
can you check it with this key for me?
thanks
Ok. Same error with your key. Actually it seems a bit short. Are you sure you did not miss a part?
Which command did you use for key generation?
Make use you specifyc the curve (https://github.com/ehn-dcc-development/ehn-sign-verify-python-trivial/blob/aac51a6df51cdc8d3a06f1e3ab099dc6c35e3f1c/gen-csca-dsc.sh#L9 -- the -name flag).
And make sure that the key is uncompressed. Check this with
openssl x509 -in dsc.key -noout -pubkey | openssl pkey -pubin -noout -text
and verify that the hex string starts with 04: and is followed by exactly 2x32 = 64 hex pairs.
The code from this line https://github.com/ehn-dcc-development/ehn-sign-verify-python-trivial/blob/aac51a6df51cdc8d3a06f1e3ab099dc6c35e3f1c/hc1_verify.py#L186 shows how to do this in Python
HI
I need help
i'm getting this error
File "C:\Python39\lib\site-packages\cose\headers.py", line 173, in is_bstr
raise ValueError("KID should be a byte string")
ValueError: KID should be a byte string
i
i fixed it :)
i haven't installed the correct library.
Great that you could directly fix it :-)
I just want to ask here, whether someone find a solution to this comment:
#1 (comment)
HI
I need help i'm getting this error
File "C:\Python39\lib\site-packages\cose\headers.py", line 173, in is_bstr raise ValueError("KID should be a byte string") ValueError: KID should be a byte string
i
Replace
keyid = '01234567'
Ti
keyid = bytes('01234567','utf-8')
Good morning, first of all, thank you for leaving this material and that we can learn everything, I have been trying it and it gives me a series of errors, I am new and I would like to continue learning. the errors are these:
line 90, in
msg = Sign1Message(phdr={Algorithm: Es256, KID: keyid}, payload=payload)
line 41, in init
super().init(phdr, uhdr, payload, external_aad, key, *args, **kwargs)
line 84, in init
super().init(phdr, uhdr, *args, **kwargs)
line 53, in init
CoseBase._transform_header_buckets(self._phdr, phdr, kwargs.get("allow_unknown_attributes", True))
line 166, in _transform_header_buckets
_value = hp.value_parser(_value)
line 173, in is_bstr
raise ValueError("KID should be a byte string")
ValueError: KID should be a byte string
Thank u, very much!!
I have already followed all the same code and it only gives me this error: line 125, in
qr_image = qrcode.make (out)
AttributeError: module 'qrcode' has no attribute 'make
Using the same code from the beginning, with the required libraries, changing the "keyid" it generates the code in base45 that is not the same as what it should generate, regardless of whether or not it generates the qr
@Newpython22 Did you install this qrcode package: https://pypi.org/project/qrcode/ ?
already solved!!
thank you
@ Newpython22 ¿ Instaló este paquete qrcode: https://pypi.org/project/qrcode/ ?
He modificado hc1_test_cert está escrito en tres versiones, funcionan bien, gp_cert1 para vacuna, gp_rec1 para hospitalizado, un gp_tamp1 para prueba antigénica, espero que puedan ser de utilidad. Il sab 8 gen 2022, 20:21 Newpython22 @.> ha scritto:
...
[image: Sin título21] https://user-images.githubusercontent.com/97358530/148656929-8d5e0021-4243-4f12-8ca7-eb2dee0eae0b.jpg Using the same code from the beginning, with the required libraries, changing the "keyid" it generates the code in base45 that is not the same as what it should generate, regardless of whether or not it generates the qr — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJL6ZSF4R6KNZV37EHKLBNDUVCFDDANCNFSM475HFPQA . You are receiving this because you commented.Message ID: @.>
Where are those versions published?