Skip to content

Instantly share code, notes, and snippets.

@leplatrem

leplatrem/verifysig.py

Created November 29, 2019 14:45
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save leplatrem/9e95c5a41e235c74faa4c62fe4628357 to your computer and use it in GitHub Desktop.
Save leplatrem/9e95c5a41e235c74faa4c62fe4628357 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
verifysig.py
import base64
import ecdsa
import requests
import cryptography.x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.hashes import SHA384
from cryptography.hazmat.primitives.asymmetric import ec as cryptography_ec
from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature
x5u = "https://content-signature-2.cdn.mozilla.net/chains/pinning-preload.content-signature.mozilla.org-2019-12-24-21-43-28.chain"
signature_b64 = "80aDcD0HGWOoFHzKv3wMnfxMqgrb24Bz9G0w-87yDWaAIuj6vyCtybIl8lhE8gqmNPqSxPGCTpGqNiuW_J6_pZ2AyMRy_WN2l7asraSh5giBwKCXn6anOF8M2PsjNSi4"
data = b"""Content-Signature:\x00{"data":[],"last_modified":"1485794868067"}"""
# Fetch PEM
resp = requests.get(x5u)
cert_pem = resp.text.encode("utf-8")
# Parse PEM
cert = cryptography.x509.load_pem_x509_certificate(cert_pem, default_backend())
public_key = cert.public_key()
# Instantiate signature
signature_bytes = base64.urlsafe_b64decode(signature_b64)
r, s = ecdsa.util.sigdecode_string(signature_bytes, order=ecdsa.curves.NIST384p.order)
signature = encode_dss_signature(r, s)
# Verify
public_key.verify(signature, data, cryptography_ec.ECDSA(SHA384()))
print("Signature OK")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment