Signature verification for the Green Pass (התו הירוק).
As (not really) specified in https://github.com/MohGovIL/Ramzor
A pythonic implementation of the verification process can be found in verify.py
.
Install pipenv
and sync the required dependencies:
$ pipenv sync
Generate a Green Pass or Vaccination Certificate at https://corona.health.gov.il/green-pass/
Directly verify your GreenPass.pdf
or VaccinationCertificate.pdf
:
$ pipenv run verify -p GreenPass.pdf
Save the QR code as a .png
file (e.g. from screenshot) and execute:
$ pipenv run verify -i green_pass_image.png
Decode the QR code payload yourself, put it in a txt file and then execute:
$ pipenv run verify -t green_pass_payload.txt
Israeli ID Number 012345678
ID valid by 2021-01-01
Cert Unique ID 01/IL/ABCD1234ABCD1234ABCD1234ABCD1234#ABCD1234
✅ Valid signature!
We describe in detail the signature verification steps using openssl
commands.
Scan a Green Pass QR code, the encoded data has the following format:
Base64EncodedSignature#{"id":"01/IL/ABCD1234ABCD1234ABCD1234ABCD1234#ABCD1234","et":1,"ct":1,"c":"IL MOH","cn":null,"fn":null,"g":null,"f":null,"gl":null,"fl":null,"idp":null,"idl":null,"b":"0001-01-01","e":"0001-01-01","a":"0001-01-01","p":[{"idl":"0123456789","e":"2021-01-01"}]}
Where Base64EncodedSignature
are 256 bytes of an RSA signature signed with a 2048-bit public key and PKCS#1 v1.5 padding, followed by a #
delimiter, and then the signed JSON payload as defined in https://github.com/MohGovIL/Ramzor#minimal-dataset
Some certificates now have ct=2
which is not double hashed. This implementation supports both versions.
The Ministry of Healthy RSA certificate seems to be available at https://ramzorfiles.z6.web.core.windows.net/RamzorQRPubKey.der
$ openssl x509 -pubkey -noout -inform der -in certs/RamzorQRPubKey.der -text
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4MJrQWgRnYakBsoU/eV
RxpvDnrGvtidQtfU0o0OGKU+p3H16ufPusBzKLHQPGAoZB33lU8wvfP01xUJTvod
qoi6KEKXGXC+XreQ1YJDKhIglYfPxJOOcauWf/tmV+w0xph6O3L5/2JrhxEjIbdu
E8zP8FvZ+KxVFA9LOFQzX7zbbiDUBLCRtIBhwtLCPIiy960O+lVZkMPXg5BrBWjc
NBrDN62PgOxGXvP3iF0bOlz1+m63q9cFzdKqVfOyl8jZRr3GzYD8SVSXO9EbfYId
8DEP+HMmqd4StD2X6OMDc9UrBBHx3nGbRpi2D9QuHA/kq/QAjQqnrd+iuzdSwQi+
mQIDAQAB
-----END PUBLIC KEY-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:77:f3:e6:67:08:85:38:25:c4:ad:f6:88:5a:02:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Assured ID Code Signing CA
Validity
Not Before: Feb 19 00:00:00 2021 GMT
Not After : Feb 27 23:59:59 2024 GMT
Subject: C = IL, L = Jerusalem, O = Ministry of Health, CN = Ministry of Health
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:83:09:ad:05:a0:46:76:1a:90:1b:28:53:f7:
95:47:1a:6f:0e:7a:c6:be:d8:9d:42:d7:d4:d2:8d:
0e:18:a5:3e:a7:71:f5:ea:e7:cf:ba:c0:73:28:b1:
d0:3c:60:28:64:1d:f7:95:4f:30:bd:f3:f4:d7:15:
09:4e:fa:1d:aa:88:ba:28:42:97:19:70:be:5e:b7:
90:d5:82:43:2a:12:20:95:87:cf:c4:93:8e:71:ab:
96:7f:fb:66:57:ec:34:c6:98:7a:3b:72:f9:ff:62:
6b:87:11:23:21:b7:6e:13:cc:cf:f0:5b:d9:f8:ac:
55:14:0f:4b:38:54:33:5f:bc:db:6e:20:d4:04:b0:
91:b4:80:61:c2:d2:c2:3c:88:b2:f7:ad:0e:fa:55:
59:90:c3:d7:83:90:6b:05:68:dc:34:1a:c3:37:ad:
8f:80:ec:46:5e:f3:f7:88:5d:1b:3a:5c:f5:fa:6e:
b7:ab:d7:05:cd:d2:aa:55:f3:b2:97:c8:d9:46:bd:
c6:cd:80:fc:49:54:97:3b:d1:1b:7d:82:1d:f0:31:
0f:f8:73:26:a9:de:12:b4:3d:97:e8:e3:03:73:d5:
2b:04:11:f1:de:71:9b:46:98:b6:0f:d4:2e:1c:0f:
e4:ab:f4:00:8d:0a:a7:ad:df:a2:bb:37:52:c1:08:
be:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:5A:C4:B9:7B:2A:0A:A3:A5:EA:71:03:C0:60:F9:2D:F6:65:75:0E:58
X509v3 Subject Key Identifier:
87:3F:27:58:83:96:F0:67:2D:E5:E0:B5:9A:A7:B5:2A:50:A1:1E:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/sha2-assured-cs-g1.crl
Full Name:
URI:http://crl4.digicert.com/sha2-assured-cs-g1.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.114412.3.1
CPS: http://www.digicert.com/CPS
Policy: 2.23.140.1.4.1
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
4a:44:6c:e6:24:56:69:72:54:59:d0:f0:29:5a:ca:89:38:71:
68:56:6b:42:17:bd:ee:f4:e9:2c:7a:86:1d:4d:b7:f0:44:90:
ec:fb:e9:38:0a:d7:72:38:5e:0b:3b:61:7d:96:36:b2:b4:44:
b1:2e:fd:68:c2:8b:ec:12:66:37:06:81:bb:f5:bd:83:72:49:
8c:e5:ec:53:56:d5:24:c1:35:56:d2:a3:8d:e1:a7:a0:69:ca:
46:e3:f5:3b:dd:53:89:4a:27:ab:ee:94:bc:9e:46:60:b4:f8:
f9:2a:88:87:fd:7d:46:6e:86:21:df:fe:56:d4:1c:61:6b:22:
3c:ea:84:85:cd:fd:c6:f1:c6:e6:b9:5e:5c:df:23:da:e9:bc:
6d:8a:bf:1c:c4:11:c1:26:c6:e6:84:21:6d:55:d6:63:c0:c3:
dd:67:db:73:4b:ce:35:d7:72:0b:26:09:f3:20:1a:cf:6a:c1:
98:b8:bc:48:3a:6f:a8:b1:89:35:55:85:2f:00:26:7d:9c:ee:
46:b2:58:eb:9f:9d:4f:42:7e:03:52:24:27:88:50:dc:fc:c0:
f2:48:ab:6b:2c:c7:0a:d0:c6:99:af:12:a5:3d:ea:dd:70:94:
1c:fe:06:56:d9:b7:cf:b2:e7:7b:8b:13:d6:8b:1c:75:c6:6c:
30:06:49:99
Convert the DER formatted certificate to a PEM file:
$ openssl x509 -pubkey -noout -inform der -in certs/RamzorQRPubKey.der > certs/RamzorQRPubKey.pem
Assumed the signed JSON data (without any trailing whitespace) is in data.json
. Before we verify the data we need to hash the signed JSON:
$ openssl dgst -binary -sha256 data.json > data.hash
This redundant hash step should be skipped in case the ct
value in the payload is equal to 2
.
Assuming the Base64-decoded signature bytes are in sig.bin
we can now run:
$ openssl dgst -verify certs/RamzorQRPubKey.pem -keyform PEM -sha256 -signature sig.bin data.hash
Verified OK
and receive successful verification.