0

I'm trying to verify a signature according to the documentation. Here is an example:

# cryptography==37.0.4
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
import base64

data = b"demo data"
signature = b"demo signature"

public_key_base64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWdp8GPcGqmhgzEFj9Z2nSpQVddayaPe4FMzqM9wib1+aHaaIzoHoLN9zW4K8y4SPykE3YVK3sVqW6Af0lfx3gg=="
public_key_bytes = base64.b64decode(public_key_base64)
apple_public_key = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), public_key_bytes)

apple_public_key.verify(
    signature,
    data,
    ec.ECDSA(hashes.SHA256())
)

from_encoded_point generates:

    raise ValueError("Unsupported elliptic curve point type")
ValueError: Unsupported elliptic curve point type

Also tried different approaches from chat GPT but none works. Could you provide a working example please?

President James K. Polk
  • 40,516
  • 21
  • 95
  • 125
Danila Ganchar
  • 10,266
  • 13
  • 49
  • 75
  • JFYI: [similar question](https://stackoverflow.com/questions/64496534/how-to-verify-a-postback-with-skadnetwork-apple), [verifier](https://github.com/d-ganchar/vap) – Danila Ganchar Jun 06 '23 at 14:35

1 Answers1

1

The key appears to be a base64 encoded SubjectPublicKeyInfo formatted public key. The cryptography module provide a general method for decoding these for all the public key types it supports via the cryptography.hazmat.primitives.serialization module. Thus, the fix is simply to replace

apple_public_key = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), public_key_bytes)

with the much simpler

apple_public_key = serialization.load_der_public_key(public_key_bytes)

and of course add serialization to the relevant import statement:

from cryptography.hazmat.primitives import hashes, serialization
President James K. Polk
  • 40,516
  • 21
  • 95
  • 125