Get the keyid ? and ecdsa-with-SHA256?

[developer2013]

Hello,

how can i create the keyid for the certificate and get an SHA256 Key?

thank you very much
developer2013

[nofaceinbook]

Hi,
this was not relevant for my tests. However, the keyid should consist of the first 8 hex values of SHA256 of the certificate of the signing key you use. Check out the script from @dirkx for generating all keys and certificates used in this context by using openssl: https://github.com/ehn-dcc-development/ehn-sign-verify-python-trivial/blob/main/gen-csca-dsc.sh

[developer2013]

Thank's that worked.
i have one last question: how can I change the algorithm to ECDSA prime256v1 ?
thanks

[nofaceinbook]

Well, my understandig is that the algorithm above or used for the key in the code did use ECDS with prime2561.
(openssl ecparam -name prime256v1 -genkey -noout -out sign.key)

[developer2013]

but there is some issue: Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

keyid = '30593013'

pem = b'-----BEGIN EC PRIVATE KEY-----\n'
b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxd'
b'SGElhdo7825SD3Lyb+Sqh4G6Kra0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA=='
b'\n-----END EC PRIVATE KEY-----'

[nofaceinbook]

Seems you are missing / at end of these lines (refer to my key in the code). Or you put all together in one single long line string between b'......'

[developer2013]

sorry, that's not working :( the same error

pem = b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxdSGElhdo7825SD3Lyb+Sqh4G6Kra0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA==/'

[nofaceinbook]

You are now missing begin and end of certificate statements. Do do it exactly the way as in my example and it should work. Don't forget the / after each line....

[nofaceinbook]

And after /n'

[developer2013]

I got the same error:

pem = b'-----BEGIN EC PRIVATE KEY-----\n'
b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETHfi8foQF4UtSNVxSFxeu7W+gMxd\n'
b'SGElhdo7825SD3Lyb+Sqh4G6Kra\n'
b'0ro1BdrM6Qx+hsUx4Qwdby7QY0pzxyA=='
b'\n-----END EC PRIVATE KEY-----'

it's the same code from you.
can you check it with this key for me?
thanks

[nofaceinbook]

Ok. Same error with your key. Actually it seems a bit short. Are you sure you did not miss a part?
Which command did you use for key generation?

[dirkx-gavirate-2021]

Make use you specifyc the curve (https://github.com/ehn-dcc-development/ehn-sign-verify-python-trivial/blob/aac51a6df51cdc8d3a06f1e3ab099dc6c35e3f1c/gen-csca-dsc.sh#L9 -- the -name flag).

And make sure that the key is uncompressed. Check this with

openssl x509 -in dsc.key -noout -pubkey | openssl pkey -pubin -noout -text

and verify that the hex string starts with 04: and is followed by exactly 2x32 = 64 hex pairs.

The code from this line https://github.com/ehn-dcc-development/ehn-sign-verify-python-trivial/blob/aac51a6df51cdc8d3a06f1e3ab099dc6c35e3f1c/hc1_verify.py#L186 shows how to do this in Python

[teckow]

HI

I need help
i'm getting this error

File "C:\Python39\lib\site-packages\cose\headers.py", line 173, in is_bstr
raise ValueError("KID should be a byte string")
ValueError: KID should be a byte string

i

[teckow]

i fixed it :)
i haven't installed the correct library.

[nofaceinbook]

Great that you could directly fix it :-)

[michafroh]

I just want to ask here, whether someone find a solution to this comment:
#1 (comment)

[grynays]

HI

I need help i'm getting this error

File "C:\Python39\lib\site-packages\cose\headers.py", line 173, in is_bstr raise ValueError("KID should be a byte string") ValueError: KID should be a byte string

i

Replace
keyid = '01234567'
Ti
keyid = bytes('01234567','utf-8')

[Newpython22]

Good morning, first of all, thank you for leaving this material and that we can learn everything, I have been trying it and it gives me a series of errors, I am new and I would like to continue learning. the errors are these:
line 90, in
msg = Sign1Message(phdr={Algorithm: Es256, KID: keyid}, payload=payload)

line 41, in init
super().init(phdr, uhdr, payload, external_aad, key, *args, **kwargs)

line 84, in init
super().init(phdr, uhdr, *args, **kwargs)

line 53, in init
CoseBase._transform_header_buckets(self._phdr, phdr, kwargs.get("allow_unknown_attributes", True))

line 166, in _transform_header_buckets
_value = hp.value_parser(_value)

line 173, in is_bstr
raise ValueError("KID should be a byte string")
ValueError: KID should be a byte string

Thank u, very much!!

[dirkx]

You'll have to provide more information; exactly what are you running; with that inputs, what arguments, etc, etc.

[Newpython22]

I have already followed all the same code and it only gives me this error: line 125, in
qr_image = qrcode.make (out)
AttributeError: module 'qrcode' has no attribute 'make

[dirkx-gavirate-2021]

Sorry - but you'll have to provide a lot more information if we want to track down what is wrong. Exactly what command are you running; with exactly what input data ? Exactly what environment (os, python version, versions of the libraries used), steps to reproduce, expected result, actual result, logs/proofs/screenshots etc. As right now there is too little to go on. Just google for 'how to write a good bug report' to get an idea.

[Newpython22]

Using the same code from the beginning, with the required libraries, changing the "keyid" it generates the code in base45 that is not the same as what it should generate, regardless of whether or not it generates the qr

[grynays]

I have modified hc1_test_cert is written in three versions, they work well, gp_cert1 for vaccine, gp_rec1 for hospitalized, a gp_tamp1 for antigenic test , I hope they can be useful. Il sab 8 gen 2022, 20:21 Newpython22 ***@***.***> ha scritto:

…

[image: Sin título21] <https://user-images.githubusercontent.com/97358530/148656929-8d5e0021-4243-4f12-8ca7-eb2dee0eae0b.jpg> Using the same code from the beginning, with the required libraries, changing the "keyid" it generates the code in base45 that is not the same as what it should generate, regardless of whether or not it generates the qr — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJL6ZSF4R6KNZV37EHKLBNDUVCFDDANCNFSM475HFPQA> . You are receiving this because you commented.Message ID: ***@***.***>

[nofaceinbook]

@Newpython22 Did you install this qrcode package: https://pypi.org/project/qrcode/ ?

[Newpython22]

already solved!!
thank you

@ Newpython22 ¿ Instaló este paquete qrcode: https://pypi.org/project/qrcode/ ?

[Newpython22]

He modificado hc1_test_cert está escrito en tres versiones, funcionan bien, gp_cert1 para vacuna, gp_rec1 para hospitalizado, un gp_tamp1 para prueba antigénica, espero que puedan ser de utilidad. Il sab 8 gen 2022, 20:21 Newpython22 @.> ha scritto:
...
[image: Sin título21] https://user-images.githubusercontent.com/97358530/148656929-8d5e0021-4243-4f12-8ca7-eb2dee0eae0b.jpg Using the same code from the beginning, with the required libraries, changing the "keyid" it generates the code in base45 that is not the same as what it should generate, regardless of whether or not it generates the qr — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJL6ZSF4R6KNZV37EHKLBNDUVCFDDANCNFSM475HFPQA . You are receiving this because you commented.Message ID: @.>

Where are those versions published?