Closed josephthlee closed 3 years ago
This is test data and doesn't use a production certificate. The certificate that that test data uses can be found in this JSON file: https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/2DCode/raw/1.json
It also happens to be that that testing certificate is included in the Austrian test trust list:
$ ./verify_ehc.py --certs-from AT-TEST --image ./sample/at_vaccine.png
Expires At : 2021-11-02T18:00:00
Issued At : 2021-05-06T18:00:00
Issuer : AT
Is Expired : False
COSE Sig. Algo.: ES256
Signature : WBL85ny4TDkR144/YfiQ0MgOuWdYBq6+1mqi0NDJHR/JjXvLgL8A4YGAapUC4RsHEyWQG9DSwbZDh0e4zFD1IQ==
X.509 Certificate:
Key ID : d919375fc1e7b6b2 / 2Rk3X8HntrI=
Serial Nr. : 00:00:00:00:00:00:00:00:00:00:01:79:3c:8b:cf:0e:95:e2:ec:b9
Issuer : O=BMSGPK,C=AT,CN=AT DGC CSCA 1
Subject : 2.5.4.5=1,O=BMSGPK,C=AT,CN=AT DSC 1
Valid Date Range: 2021-05-05T12:41:06 - 2023-05-05T12:41:06
Version : v3
Ext. Key Usage : recovery, test, vaccination
Key Type : EllipticCurvePublicKey
Curve : secp256r1
Signature Algo. : oid=1.2.840.10045.4.3.2, name=ecdsa-with-SHA256
Signature : MEUCIQDG2opotWG8tJXN84ZZqT6wUBz9KF8D+z9NukYvnUEQ3QIgdBLFSTSiDt0UJaDF6St2bkUQuVHW6fQbONd731/M4nc=
Cert Expired : False
Valid Key Usage: True
Signature Valid: True
Payload :
{
"dob": "1998-02-26",
"nam": {
"fn": "Musterfrau-G\u00f6\u00dfinger",
"fnt": "MUSTERFRAU<GOESSINGER",
"gn": "Gabriele",
"gnt": "GABRIELE"
},
"v": [
{
"ci": "URN:UVCI:01:AT:10807843F94AEE0EE5093FBC254BD813#B",
"co": "AT",
"dn": 1,
"dt": "2021-02-18",
"is": "Ministry of Health, Austria",
"ma": "ORG-100030215",
"mp": "EU/1/20/1528",
"sd": 2,
"tg": "840539006",
"vp": "1119349007"
}
],
"ver": "1.0.0"
}
The at_vaccine.jpg sample is from https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/png/1.png and its iOS app can scan and verify the picture as a valid one (see picture on bottom of this message).
However...
./verify_ehc.py --image ./sample/at_vaccine.png Expires At : 2021-11-02T18:00:00 Issued At : 2021-05-06T18:00:00 Issuer : AT Is Expired : False COSE Sig. Algo.: ES256 Signature : WBL85ny4TDkR144/YfiQ0MgOuWdYBq6+1mqi0NDJHR/JjXvLgL8A4YGAapUC4RsHEyWQG9DSwbZDh0e4zFD1IQ== Traceback (most recent call last): File "./verify_ehc.py", line 2379, in
main()
File "./verify_ehc.py", line 2370, in main
verify_ehc(ehc_msg, issued_at, certs, args.print_exts)
File "./verify_ehc.py", line 1639, in verify_ehc
raise KeyError(f'Key ID not found in trust list: {key_id.hex()}')
KeyError: 'Key ID not found in trust list: d919375fc1e7b6b2'
Why the Key ID not found and how can I solve it? Thank you!