Digital Signature Verification failed using SHA256withRSA in Python

Question

I am trying to validate the digital signature with given certificate files for the offline aadhaar KYC verification application.

This instruction is given in the docu

Answer 1

For this project, all the instructions can be found on this page in Steps to validate signature step.

Sample data, sample public key and sample c# code can be found on this page in Offline ekyc Sample data tab.

For your own data please refer to this link and download the zip file and extract it.

Here is the ekyc public key for the other xml validation ekyc_public_key.cer

Please find the complete answer in below code snippet which is implemented in python :

from M2Crypto import BIO, RSA, EVP
from M2Crypto import X509

# 'ekyc_public_key.cer' for own your own data. as 'okyc_public_key.cer' only work for sample data only

x509 =X509.load_cert('okyc_public_key.cer')
rsa = x509.get_pubkey().get_rsa()
pubkey = EVP.PKey()
pubkey.assign_rsa(rsa)


import lxml.etree as le

with open(xml_path,'r') as f:
    doc=le.parse(f)
    for elem in doc.xpath('//*[attribute::s]'):
        sign = elem.attrib['s']
        elem.attrib.pop('s')    
data_str = str(le.tostring(doc))[2:][:-1]

data = data_str[:-2] +  ' />'

pubkey.reset_context(md='sha256')
pubkey.verify_init()

pubkey.verify_update((data_str[:-2] +  ' />').encode())

is_valid_signeture = ""
if(pubkey.verify_final(b64decode(sign)) != 1):
    print('Digital Signeture not validated')
    is_valid_signeture = 'Invalid'
else: 
    print('Digital Signeture validated') 
    is_valid_signeture = 'Valid'