{"id":113,"date":"2012-12-04T22:04:52","date_gmt":"2012-12-04T21:04:52","guid":{"rendered":"http:\/\/46.105.150.90\/tstnunix\/?p=113"},"modified":"2012-12-04T22:04:52","modified_gmt":"2012-12-04T21:04:52","slug":"2d-doc-verify-on-your-own-the-signature","status":"publish","type":"post","link":"https:\/\/nunix.fr\/?p=113","title":{"rendered":"2d-doc, verify on your own the signature"},"content":{"rendered":"

Following the last article where I present 2d-doc, I present here a script I wrote to verify the signature on my own. There is a set of examples on the official web-site (http:\/\/www.2d-doc.com\/spip.php?page=article&id_article=15<\/a>), that you can reuse if you don’t have existing 2d-doc pictures and public key.<\/p>\n

You can find the demo material on github: https:\/\/github.com\/eirmag\/2ddoc.<\/a><\/p>\n

The facture picture contains several information, that you can again extract with ‘dmtxread’. {jcomments on}<\/p>\n

\"2d-doc-facture\"<\/p>\n

The information extracted from the figure comes into a format that is not directly interpretable by openssl. Openssl is here used to validate an ECDSA signature contained in the extracted information. But openssl needs encapsulation in ASN.1 format. The script located in github creates\u00a0 first bytes to inform of collection of byte of a certain size. Thanks to 2D-doc specifications, the size of the signature is known in advance. There is two blocs (a pair of values which is the elliptic curve signature) of 32 bits.<\/p>\n

$ echo -ne \"\\x30\\x44\\x02\\x20\" >> $sigfile #asn.1 header for sequence of 0x44 bytes, and then integer value of 0x20 bytes
$ dd ...
$ echo -ne \"\\x02\\x20\" >> $sigfile #asn.1 for integer of 0x20 bytes
$ dd ...<\/pre>\n
The script currently uses public certificate that is called \u00ab\u00a0pubkey.pem\u00a0\u00bb by convention. Just replace it with the official public key, or with the example public key. Openssl is convenient to create digital signature or to verify them. The following command indicates to use the sha256 message digest algorithm, as indicated in the specifications. The ECDSA algorithm is detected by openssl directly given the certificate.<\/p>\n
$ openssl dgst -sha256 -verify pubkey.pem -signature $sigfile $datafile
Verified OK
<\/pre>\n
Following, some resources that helped me in building the script:<\/p>\n