Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/numbersprotocol/numbers-c2pa


https://github.com/numbersprotocol/numbers-c2pa

Last synced: about 2 months ago
JSON representation

Awesome Lists containing this project

README

        

# numbers-c2pa

## Setup

Install Rust

```bash
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
```

Install c2patool

```bash
$ cargo install c2patool
```

Install numbers-c2pa

```
$ python3 -m pip install git+https://github.com/numbersprotocol/numbers-c2pa.git
```

## Usage

C2PA Injection

```python
from datetime import datetime

from numbers_c2pa import create_c2pa_manifest, inject_file

if __name__ == '__main__':
with open('examples/es256_private.key') as f:
private_key = f.read()
with open('examples/es256_certs.pem') as f:
sign_cert = f.read()
manifest = create_c2pa_manifest(
nid='this is nid',
creator_public_key='this is creator public key',
asset_hash='this is sha256hash',
date_created=datetime.now(),
location_created='123.123, 45.45',
date_captured=None,
)
inject_file(
'examples/numbers.png',
manifest=manifest,
private_key=private_key,
sign_cert=sign_cert,
)
# examples/numbers-c2pa.png will be created
# Upload file to https://verify.contentauthenticity.org/inspect to view C2PA data
```

Read C2PA data

```python
from numbers_c2pa import read_c2pa_file

if __name__ == '__main__':
c2pa_json = read_c2pa_file('examples/numbers-c2pa.png')
print(c2pa_json)

```

## Create self-signed certificate with intermediate CA

According to [c2patool](https://github.com/contentauth/c2patool#appendix-creating-and-using-an-x509-certificate) readme:

> Both the private_key and sign_cert must be in PEM format. The sign_cert must contain a PEM certificate chain starting with the end-entity certificate used to sign the claim ending with the intermediate certificate before the root CA certificate. See the sample folder for example certificates.

Using a intermediate CA certificate is required.

## Updated steps

Create end-entity and intermediate private keys

```bash
openssl ecparam -genkey -name prime256v1 -noout -out intermediate_ca.key
openssl ecparam -genkey -name prime256v1 -noout -out end_entity.key
```

Create intermediate cert

```bash
openssl req -x509 -new -key intermediate_ca.key -out intermediate_ca.crt -subj "/CN=Numbers Intermediate CA" -days 365 -sha256
```

Create `end_entity_csr.conf` file

```conf
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = v3_req
distinguished_name = dn

[ dn ]
C = US
ST = California
L = San Fransisco
O = Numbers Protocol
OU = Numbers Protocol
CN = Numbers Protocol

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = timeStamping
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = numbersprotocol.io
DNS.2 = www.numbersprotocol.io
```

Create end-entity CSR

```bash
openssl req -new -key end_entity.key -out end_entity.csr -config end_entity_csr.conf
```

Create end-entity certificate

```bash
openssl x509 -req -in end_entity.csr -CA intermediate_ca.crt -CAkey intermediate_ca.key -out end_entity.crt -days 365 -CAcreateserial -extfile end_entity_csr.conf -extensions v3_req -sha256
```

Combine certificate chain

```bash
cat end_entity.crt intermediate_ca.crt > certificate_chain.pem
```