panzi / verify-ehc

Simple Python script to decode and verify a European Health Certificate QR-code

Provide some info on what actually happens #9

Closed dirkx closed 3 years ago

dirkx commented 3 years ago

Provide some info on what actually happens and include CMS validation of the trust list signature (with a hardcoded link to the National PKI root of the Kingdom of the Netherlands).

panzi commented 3 years ago

Cool! But I just did a change that conflicts with this. Can you resolve those conflicts, squash the commits and also un-break pyzbar support? Maybe move `from pyzbar.pyzbar import decode as decode_qrcode # type: ignore` after `if args.image:` if you want to make loading that library optional. Thank you! :smile:

dirkx commented 3 years ago

Not quite proper across test/prod

dirkx commented 3 years ago

Turned it into a warning. And quite intentionally not too fatal - as this relies on infrastructure that is not up 24x7.

So a fail here should not be in the critical path (that particular NL root certificate is already in the trust stores of the browsers, the operating system, openssl, etc. by default).

dirkx commented 3 years ago

Yup - very sure.

panzi commented 3 years ago

I (rebased and) merged it with some changes. Thank you!