numbersprotocol / pyc2pa Goto Github PK

View Code? Open in Web Editor NEW

34.0 10.0 3.0 1.66 MB

Python implementation of C2PA: Coalition for Content Provenance and Authenticity.

License: GNU General Public License v3.0

Python 100.00%

c2pa cai content-provenance content-authenticity provenance authenticity fake-news disinformation

pyc2pa's Introduction

PyC2PA

(photo source: C2PA)

PyC2PA is Python implementation of C2PA (Coalition for Content Provenance and Authenticity) addressing the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content. The latest tool can be checked in C2PA tool (Command Line Interface).

Quick Trial

Download the testing photo: meimei-fried-chicken-cai-cai-cai.jpg
Go to the CAI beta verification website and upload the photo.
You should see the C2PA information (3 injections) like this:

Installation

$ sudo apt install swig
$ python3 -m pip install c2pa

C2PA CLI

In command line run:

$ c2pa [-h] [-a ASSERTION] [--provider PROVIDER] [--recorder RECORDER] [-k KEY] [-c CERT] [-i INJECT] [-d]

Example

Files used in the following examples are provided in example.zip

$ unzip example.zip
$ cd example

Generate private key and certificate.

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

Generate thumbnail image.

$ convert -resize 1024x768 meimei-fried-chicken.jpg c2pa.thumbnail.claim.jpeg.jpg

Generate meimei-fried-chicken-cai.jpg containing single C2PA injection.

$ c2pa \
    -a stds.schema-org.CreativeWork.json \
    -a c2pa.thumbnail.claim.jpeg.jpg \
    -a starling.integrity.json \
    --provider "numbersprotocol" \
    --recorder "Starling Capture using Numbers Protocol" \
    -k key.pem \
    -c cert.pem \
    -i meimei-fried-chicken.jpg

Generate meimei-fried-chicken-cai-cai.jpg containing 2 C2PA injections.

$ c2pa \
    -a stds.schema-org.CreativeWork.json \
    -a c2pa.thumbnail.claim.jpeg.jpg \
    -a starling.integrity.json \
    --provider "numbersprotocol" \
    --recorder "Starling Capture using Numbers Protocol" \
    -k key.pem \
    -c cert.pem \
    -i meimei-fried-chicken-cai.jpg

Quick Start

In pyc2pa/utils/, there are two examples showing how to do single injection and multiple injection programmatically.

# Prepare testing input JPEG photo and its thumbnail.
# Assuming that testing input JPEG is ~/meimei-fried-chicken.jpg
$ cd pyc2pa/utils/
$ cp ~/meimei-fried-chicken.jpg .
$ convert -resize 50% meimei-fried-chicken.jpg meimei-fried-chicken-thumbnail.jpg

# Run single injection example
# (download meimei-fried-chicken-cai.jpg from IPFS)
# output: meimei-fried-chicken-cai.jpg
$ python3 c2pa_hello_world.py

# Run multiple injection example
# output: meimei-fried-chicken-cai-cai-cai.jpg
$ python3 c2pa_multiple_injection.py meimei-fried-chicken.jpg

Development Tips

Currently, the main branch is based on C2PA spec draft v0.7 (compatible with the latest C2PA spec draft).
The feature-support-c2pa-photo branch follows the latest C2PA spec implementation.
pyc2pa/utils/ contains examples of single injection and multiple injection.
pyc2pa/utils/digital-signature/ contains detailed documents and example codes how to create and verify a C2PA signature.

pyc2pa's People

Contributors

Stargazers

Watchers

Forkers

geofstone harshitdawar55 chriss-0x01

pyc2pa's Issues

Can not support using copy of raw photo as thumbnail for some photos

Related issue: #14

Steps to Reproduce

bafu@bafu-XPS-13-7390  ~/codes/starling-cai/utils   master  sha256sum scott.jpg 
55146f1665fa84fe2a76d13772f7f83ea02a188cde68a047cb9acd2e28005d90  scott.jpg

bafu@bafu-XPS-13-7390  ~/codes/starling-cai/utils   master  cp scott.jpg scott-thumbnail.jpg 

bafu@bafu-XPS-13-7390  ~/codes/starling-cai/utils   master  python3 starling_multiple_injection.py scott.jpg 
Traceback (most recent call last):
  File "starling_multiple_injection.py", line 173, in <module>
    photo_bytes = starling.cai_injection()
  File "/home/bafu/codes/starling-cai/cai/starling.py", line 180, in cai_injection
    cai_data_bytes = self.multiple_claims_injection()  File "/home/bafu/codes/starling-cai/cai/starling.py", line 175, in multiple_claims_injection
    cai_data_bytes = insert_xmp_key(data_bytes, store_label=self.store_label)
  File "/home/bafu/codes/starling-cai/cai/core.py", line 93, in insert_xmp_key
    metadata.write()
  File "/home/bafu/.local/lib/python3.8/site-packages/pyexiv2/metadata.py", line 127, in write
    self._image._writeMetadata()
OSError: Input data does not contain a valid image

If we create a thumbnail with smaller size, injection can be done successfully:

bafu@bafu-XPS-13-7390  ~/codes/starling-cai/utils   master  convert -resize 100x100 scott.jpg scott-thumbnail.jpg 

bafu@bafu-XPS-13-7390  ~/codes/starling-cai/utils   master  python3 starling_multiple_injection.py scott.jpg

Raw photo

Environment

starling-cai: v1.3.1
Python: 3.8.2

Incorrect UUIDs

Description

Information from Maurice@CAI

Maurice Fisher 1:00 AM
I looked at the sample you provided. It looks like the JUMBF boxes do not have the correct UUID. So we fail the load. I saw incorrect UUIDs for at least the json assertion box and the signature boxes.

I double checked the UUIDs of Assertions and Signature.

For Assertion, the UUID should be 0x6A736F6E-0011-0010-8000-00AA00389B71 for JSON:

For Signature, the UUID should be 0x63617367-0011-0010-8000-00AA00389B71 for Claim Signature:

feature-support-c2pa-photo nor main follow the latest spec

attempting to verify the authenticity with the provided URL (https://contentcredentials.org/verify) gives:

This asset was created with an older version of Content Credentials. You must use an older version of Verify to view its information.

I am open to implementing the new features and making a PR if somebody can link to a place that lists the changes between whatever version this repo is on (0.7 I think?) and the versions going up to whatever latest c2pa spec is (if said document exists), but from the actual drafts is a bit much since I have too little understanding to tell what is changed from the previous version by reading the spec of the new version

Asset Repository

Doing multi-injection multiple times causes the injected image to be corrupted

There are 2 scenarios of this issue. I'm not sure if they share the same root cause, but since the scenarios are similar I'll include both here.

Scenario 1

When using the modified example script, leaving the thumbnail_bytes empty will corrupt the 3rd multi-injected image, and no exception is raised during the process.

Modified example script

This is a minimal modification base on https://github.com/numbersprotocol/starling-cai/blob/master/utils/starling_multiple_injection.py to reproduce the issue.

Run the script with python3 <script-file> <jpeg-image-to-be-injected>

#!/usr/bin/python3
#
# Starling Hello World Example for multi-injection.
#
# This program will inject 3 CAI Stores.
#
# Usage
#     $ python3 starling_multiple_injection.py <image-filepath>
#
# Verify
#     1. Go to https://verify.contentauthenticity.org/inspect
#     2. Drag and drop the generated image.
#     3. The webpage will show the CAI information.

import os
import sys

from cai.jumbf import json_to_bytes
from cai.starling import Starling


photo_filename = sys.argv[1]
# thumbnail_filename = sys.argv[1].replace('.jpg', '-thumbnail.jpg')

photo_bytes = open(photo_filename, 'rb').read()
# thumbnail_bytes = open(thumbnail_filename, 'rb').read()

location = ''
owner = ''
thumbnail_bytes = b''
public_key = ''
media_hash = ''
timestamp = ''
recorder1 = ''
recroder2 = ''
recorder3 = ''


metadata = [
    {
        'claim': {
            'store_label': 'cb.Authmedia_1',
            'recorder': recorder1,
        },
        'assertions': {
            'adobe.asset.info': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'title': photo_filename
                })
            },
            'cai.location.broad': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'location': location
                })
            },
            'cai.rights': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'copyright': owner
                })
            },
            'cai.claim.thumbnail.jpg.jpg': {
                'type': '.jpg',
                'data_bytes': thumbnail_bytes
            },
            'cai.acquisition.thumbnail.jpg.jpg': {
                'type': '.jpg',
                'data_bytes': thumbnail_bytes
            },
            'starling.integrity.json': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'starling:PublicKey': public_key,
                    'starling:MediaHash': media_hash,
                    'starling:MediaKey': '',
                    'starling:CaptureTimestamp': timestamp,
                })
            }
        }
    },
    {
        'claim': {
            'store_label': 'cb.IOTAIntegrityChain_2',
            'recorder': recroder2,
        },
        'assertions': {
            'adobe.asset.info': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'title': photo_filename
                })
            },
            'cai.location.broad': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'location': location
                })
            },
            'cai.rights': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'copyright': owner
                })
            },
            'cai.claim.thumbnail.jpg.jpg': {
                'type': '.jpg',
                'data_bytes': thumbnail_bytes
            },
            'cai.acquisition.thumbnail.jpg.jpg': {
                'type': '.jpg',
                'data_bytes': thumbnail_bytes
            },
            'starling.integrity.json': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'starling:PublicKey': public_key,
                    'starling:MediaHash': media_hash,
                    'starling:MediaKey': '',
                    'starling:CaptureTimestamp': timestamp
                })
            }
        }
    },
    {
        'claim': {
            'store_label': 'cb.ThunderCoreNFTChain_3',
            'recorder': recorder3,
        },
        'assertions': {
            'adobe.asset.info': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'title': photo_filename
                })
            },
            'cai.location.broad': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'location': location
                })
            },
            'cai.rights': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'copyright': owner
                })
            },
            'cai.claim.thumbnail.jpg.jpg': {
                'type': '.jpg',
                'data_bytes': thumbnail_bytes
            },
            'cai.acquisition.thumbnail.jpg.jpg': {
                'type': '.jpg',
                'data_bytes': thumbnail_bytes
            },
            'starling.integrity.json': {
                'type': '.json',
                'data_bytes': json_to_bytes({
                    'starling:PublicKey': public_key,
                    'starling:MediaHash': media_hash,
                    'starling:CaptureTimestamp': timestamp,
                })
            }
        }
    },
]

# 1st CAI injection: Authmedia
# 2nd CAI injection: IOTA
# 3rd CAI injection: ThunderCore
for i in range(3):
    starling = Starling(photo_bytes,
                        photo_filename,
                        metadata[i]['assertions'],
                        metadata[i]['claim']['store_label'],
                        metadata[i]['claim']['recorder'],
                        '',
                        '')
    photo_bytes = starling.cai_injection()

# Save to file
fname, fext = os.path.splitext(photo_filename)
fpath = fname + '-cai-cai-cai' + fext
with open(fpath, 'wb') as f:
    f.write(photo_bytes)

Corrupted image

Scenario 2

This thirdly injected image has valid thumbnail_bytes value (it can be seen on the Verify site), but it is still corrupted. I haven't figured out the reason yet.

Corrupted image

import libexiv2python doesn't work on macOS

Tried to run c2pa_hello_world.py and ran into the following issue:

$ python c2pa_hello_world.py
Traceback (most recent call last):
  File "c2pa_hello_world.py", line 39, in <module>
    from c2pa.starling import Starling
  File "/Users/macuser/Desktop/coding_projects/pyc2pa/lib/python3.7/site-packages/c2pa-1.4.1-py3.7.egg/c2pa/starling.py", line 21, in <module>
  File "/Users/macuser/Desktop/coding_projects/pyc2pa/lib/python3.7/site-packages/c2pa-1.4.1-py3.7.egg/c2pa/core.py", line 22, in <module>
  File "/Users/macuser/Desktop/coding_projects/pyc2pa/lib/python3.7/site-packages/py3exiv2-0.9.3-py3.7-macosx-10.9-x86_64.egg/pyexiv2/__init__.py", line 60, in <module>
    import libexiv2python
ImportError: dlopen(/Users/macuser/Desktop/coding_projects/pyc2pa/lib/python3.7/site-packages/py3exiv2-0.9.3-py3.7-macosx-10.9-x86_64.egg/libexiv2python.cpython-37m-darwin.so, 2): Symbol not found: _PyCMethod_New
  Referenced from: /usr/local/opt/boost-python3/lib/libboost_python39.dylib
  Expected in: flat namespace
 in /usr/local/opt/boost-python3/lib/libboost_python39.dylib

May be an issue with libexiv2python on macOS.

Machine Specifications:

macOS Mojave
Version 10.14.5

Support Assertion hash validation

Code: https://github.com/numbersprotocol/starling-cai/blob/master/utils/encode_hashlink.py

Hash link generated by Photoshop: multiple-claims-cai_assertionhash-errors.txt

C2PA hello world example cannot work

Thanks for Jonathan Foote's feedback!

The demo utils/c2pa_hello_world.py shows IPFS errors

Any comments about the following information are welcome!

Steps to reproduce the error
The error encountered

pycrypto outdated & missing endesive library

Issue:
Current cms signature implementation uses pycrypto library. For newer versions of python (3.8 and higher) it doesn't work due to time.clock being removed. See below:

Fix:
Uninstall pycrpto and install pycryptodome which is a fork of pycrypto

Edit: Need to change library in setup.py to reflect change and add endesive library

import subprocess
from setuptools import setup
from setuptools import find_packages
with open("README.md", "r") as f:
    long_description = f.read()
setup(
    name='cai',
    version='v1.2.1',
    description='Content Authenticity Initiative Implementation.',
    long_description=long_description,
    long_description_content_type="text/markdown",
    url='https://github.com/numbersprotocol.io/starling-cai',
    author='Numbers Inc.',
    author_email='[email protected]',
    license='GPLv3',
    # https://pypi.python.org/pypi?%3Aaction=list_classifiers
    classifiers=[
        'Development Status :: 4 - Beta',
        'Intended Audience :: Science/Research',
        'Topic :: Scientific/Engineering :: Artificial Intelligence',
        'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',
        'Programming Language :: Python :: 3',
        'Programming Language :: Python :: 3.8',
    ],
    keywords=['wheels'],
    packages=find_packages(exclude=['tests']),
    install_requires=[
        'py-multibase>=1.0.3',
        'pycryptodome',
        'pymultihash>=0.8.2',
        'py3exiv2>=0.9.3',
        'endesive',
        #'tox',
    ],
    python_requires='>=3',
    entry_points={
        'console_scripts': [
            'cai_tool=cai.cai_tool:main',
            'starling_cai=cai.starling:main',
        ]
    },
    test_suite='tests'
)

Support multiple Claims

Testing input

Fail to parse the generated CAI data

Steps to Reproduce

Create CAI data by entering these answers

$ python3 cai_tool.py | tee starling-cai-rollback.txt
How many assertions? 4
Assertion JSON: data/Assertions/starling.device.json
Assertion Label: starling.device
Assertion JSON: data/Assertions/starling.integrity.json
Assertion Label: starling.integrity
Assertion JSON: data/Assertions/starling.location.precise.json
Assertion Label: starling.location.precise
Assertion JSON: data/Assertions/starling.sensors.json
Assertion Label: starling.sensors
Claim JSON: data/Claim/starling.claim.json
Store label: cb.starling_1

Insert the CAI data into dog.jpg after the leading bytes FFD8
- CAI data: starling-cai-rollback.txt
- Raw image: dog.jpg
- Injected image: dog-rollback
Run CAI parser

You will get the error *** box unknown box has invalid box length

Environment

starling-cai: commit dfe61a3 (cai-tool)
codestream-parser: commit 7fb6d4b (feature-support-py3)

JSON parsing function's results keep growing in memory

Reported by James

James 6:02 PM
@bafu omg
`cai_json = caifile.get_cai_json_from_f(f)`
這個有 side effect

James  6:03 PM
前一次的結果會存在 memory 裡面，第二次 call 會 append 到之前的東西裡面

CAI verification website does not list C2PA Information from test image

Downloading the image as linked from the readme and then uploading to CAI verification website shows no credentials for the asset. Are there other assets with C2PA information available to test with?

.

Unable to install c2pa on a MacOS

I am trying to install this on a M1 Mac with Big Sur, but hitting this error:

❯❯❯ python3.9 -m pip install c2pa
DEPRECATION: Configuring installation scheme with distutils config files is deprecated and will no longer work in the near future. If you are using a Homebrew or Linuxbrew Python, please see discussion at https://github.com/Homebrew/homebrew-core/issues/76621
Collecting c2pa
  Using cached c2pa-1.4.1-py3-none-any.whl (41 kB)
Collecting endesive>=2.0.2
  Using cached endesive-2.0.6-py3-none-any.whl (340 kB)
Collecting pycryptodome>=3.9.9
  Using cached pycryptodome-3.11.0.tar.gz (3.8 MB)
  Preparing metadata (setup.py) ... done
Collecting py-multibase>=1.0.3
  Using cached py_multibase-1.0.3-py2.py3-none-any.whl (6.4 kB)
Collecting pymultihash>=0.8.2
  Using cached pymultihash-0.8.2-py3-none-any.whl (13 kB)
Collecting py3exiv2>=0.9.3
  Using cached py3exiv2-0.9.3.tar.gz (36 kB)
  Preparing metadata (setup.py) ... done
ERROR: No .egg-info directory found in /private/var/folders/74/r2wbwfq921d_5vb635l1nmym0000gn/T/pip-pip-egg-info-_r5vkis_

I initially suspected this is a problem with my local environment, but I have updated everything, and this seems to be the only package giving me this problem. Here's a successful installation of another python package:

❯❯❯ python3.9 -m pip install pillow
DEPRECATION: Configuring installation scheme with distutils config files is deprecated and will no longer work in the near future. If you are using a Homebrew or Linuxbrew Python, please see discussion at https://github.com/Homebrew/homebrew-core/issues/76621
Collecting pillow
  Downloading Pillow-8.4.0-cp39-cp39-macosx_11_0_arm64.whl (2.8 MB)
     |████████████████████████████████| 2.8 MB 11.0 MB/s
Installing collected packages: pillow
DEPRECATION: Configuring installation scheme with distutils config files is deprecated and will no longer work in the near future. If you are using a Homebrew or Linuxbrew Python, please see discussion at https://github.com/Homebrew/homebrew-core/issues/76621
Successfully installed pillow-8.4.0

I understand the instructions are for Linux, but this part should be same across platforms. Has anyone tried this on a Mac, or this latest package on Linux?

This part shouldn't matter, but I also have done a brew install swig. Where is swig needed anyways?

Thanks for the help!

Injection error

Image https://drive.google.com/file/d/17DgQCF-TOUEk9LaroHYa9OPaGhXw6soQ/view?usp=sharing

Image sha256sum: 55146f1665fa84fe2a76d13772f7f83ea02a188cde68a047cb9acd2e28005d90

$ git checkout 72735b
$ mv <downloaded-image> dog.jpeg
$ cp dog.jpeg dog-thumbnail.jpeg
$ python3 utils/starling_multiple_injection.py dog.jpeg                                                15:41:23  Traceback (most recent call last):  File "/Users/shc/numbers/github/starling-cai/utils/starling_multiple_injection.py", line 166, in <module>    starling = Starling(photo_bytes,
  File "/Users/shc/numbers/github/starling-cai/cai/starling.py", line 74, in __init__
    self.app11_headers = get_app11_marker_segment_headers(self.raw_bytes)
  File "/Users/shc/numbers/github/starling-cai/cai/jumbf.py", line 219, in get_app11_marker_segment_headers
    header['tbox']   = data_bytes[offset + 16 : offset + 20].decode('utf-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xed in position 3: unexpected end of data

System Dependency Issue

Running into issues with setting up pyc2p in newly created virtual environment.

$ python3 -m pip install c2pa
Requirement already satisfied: c2pa in /Users/macuser/Desktop/coding_projects/numbers/pyc2pa (1.4.1)
Requirement already satisfied: py-multibase>=1.0.3 in /Applications/anaconda3/lib/python3.7/site-packages (from c2pa) (1.0.3)
Requirement already satisfied: pycryptodome>=3.9.9 in /Applications/anaconda3/lib/python3.7/site-packages/pycryptodome-3.9.9-py3.7-macosx-10.9-x86_64.egg (from c2pa) (3.9.9)
Requirement already satisfied: pymultihash>=0.8.2 in /Applications/anaconda3/lib/python3.7/site-packages (from c2pa) (0.8.2)
Requirement already satisfied: py3exiv2>=0.9.3 in /Applications/anaconda3/lib/python3.7/site-packages (from c2pa) (0.9.3)
Requirement already satisfied: endesive>=2.0.2 in /Applications/anaconda3/lib/python3.7/site-packages/endesive-2.0.3-py3.7.egg (from c2pa) (2.0.3)
Requirement already satisfied: morphys<2.0,>=1.0 in /Applications/anaconda3/lib/python3.7/site-packages (from py-multibase>=1.0.3->c2pa) (1.0)
Requirement already satisfied: six<2.0,>=1.10.0 in /Applications/anaconda3/lib/python3.7/site-packages (from py-multibase>=1.0.3->c2pa) (1.10.0)
Requirement already satisfied: python-baseconv<2.0,>=1.2.0 in /Applications/anaconda3/lib/python3.7/site-packages (from py-multibase>=1.0.3->c2pa) (1.2.0)
Requirement already satisfied: cryptography in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (2.7)
Requirement already satisfied: asn1crypto in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (1.0.1)
Requirement already satisfied: oscrypto in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (1.2.1)
Requirement already satisfied: lxml in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (4.4.1)
Collecting pykcs11 (from endesive>=2.0.2->c2pa)
  Using cached https://files.pythonhosted.org/packages/70/0c/129e4b81340338e00ea8617df3b9a0bb3864357a0955e1654e263beef65c/PyKCS11-1.5.10.tar.gz
Requirement already satisfied: Pillow in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (6.2.0)
Requirement already satisfied: pytz in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (2019.3)
Requirement already satisfied: requests in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (2.22.0)
Requirement already satisfied: paramiko in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (2.7.2)
Requirement already satisfied: pyopenssl in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (19.0.0)
Requirement already satisfied: attrs in /Applications/anaconda3/lib/python3.7/site-packages (from endesive>=2.0.2->c2pa) (19.2.0)
Requirement already satisfied: cffi!=1.11.3,>=1.8 in /Applications/anaconda3/lib/python3.7/site-packages (from cryptography->endesive>=2.0.2->c2pa) (1.12.3)
Requirement already satisfied: idna<2.9,>=2.5 in /Applications/anaconda3/lib/python3.7/site-packages (from requests->endesive>=2.0.2->c2pa) (2.8)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /Applications/anaconda3/lib/python3.7/site-packages (from requests->endesive>=2.0.2->c2pa) (3.0.4)
Requirement already satisfied: certifi>=2017.4.17 in /Applications/anaconda3/lib/python3.7/site-packages (from requests->endesive>=2.0.2->c2pa) (2019.9.11)
Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /Applications/anaconda3/lib/python3.7/site-packages (from requests->endesive>=2.0.2->c2pa) (1.24.2)
Requirement already satisfied: bcrypt>=3.1.3 in /Applications/anaconda3/lib/python3.7/site-packages (from paramiko->endesive>=2.0.2->c2pa) (3.2.0)
Requirement already satisfied: pynacl>=1.0.1 in /Applications/anaconda3/lib/python3.7/site-packages (from paramiko->endesive>=2.0.2->c2pa) (1.4.0)
Requirement already satisfied: pycparser in /Applications/anaconda3/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->endesive>=2.0.2->c2pa) (2.19)
Building wheels for collected packages: pykcs11
  Building wheel for pykcs11 (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /Applications/anaconda3/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/setup.py'"'"'; __file__='"'"'/private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-wheel-78ed34nf --python-tag cp37
       cwd: /private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/
  Complete output (8 lines):
  running bdist_wheel
  running build
  running build_ext
  building 'PyKCS11._LowLevel' extension
  swigging src/pykcs11.i to src/pykcs11_wrap.cpp
  swig -python -c++ -o src/pykcs11_wrap.cpp src/pykcs11.i
  unable to execute 'swig': No such file or directory
  error: command 'swig' failed with exit status 1
  ----------------------------------------
  ERROR: Failed building wheel for pykcs11
  Running setup.py clean for pykcs11
Failed to build pykcs11
Installing collected packages: pykcs11
  Running setup.py install for pykcs11 ... error
    ERROR: Command errored out with exit status 1:
     command: /Applications/anaconda3/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/setup.py'"'"'; __file__='"'"'/private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-record-996wa7u3/install-record.txt --single-version-externally-managed --compile
         cwd: /private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/
    Complete output (8 lines):
    running install
    running build
    running build_ext
    building 'PyKCS11._LowLevel' extension
    swigging src/pykcs11.i to src/pykcs11_wrap.cpp
    swig -python -c++ -o src/pykcs11_wrap.cpp src/pykcs11.i
    unable to execute 'swig': No such file or directory
    error: command 'swig' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /Applications/anaconda3/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/setup.py'"'"'; __file__='"'"'/private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-install-k5si2hen/pykcs11/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /private/var/folders/01/14lsxh9x7czd37dg3pfksr1h0000gn/T/pip-record-996wa7u3/install-record.txt --single-version-externally-managed --compile Check the logs for full command output.

Issue above resolved by install swig. May be a good idea to set up Docker

Fail to pass signature verification

Created a CAI-injected photo, and failed to pass signature verification.

Steps to Reproduce

Create a keypair by following README:

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 7
$ openssl pkcs12 -export -out certificate.p12 -inkey key.pem -in cert.pem
$ openssl rsa -in key.pem -pubout -out pubkey.pem

Create a CAI-injected testing photo

Download and extract cicada.zip, and replace my key.pem, pubkey.pem, certificate.p12, cert.pem to yours.
```
$ cd cicada
$ ./run.sh cicada.jpg
```
You will get a CAI-injected photo cicada-cai.jpg.
Get Claim indented JSON and Signature HEX string from CAI JSON parser

caifile.py
```
$ python3 caifile.py cicada.jpg
```
Convert Claim indented JSON to the Claim JSON for Signature

You can not remove spaces directly because the value of some fields contains space(s). You need to remove spaces like json_to_bytes.
Convert the Signature HEX string to Signature binary

Copy and paste the Signature HEX string to sighex as the input file and run hex2bin.py to generate sigbin as the output file:
```
$ python3 hex2bin.py sighex sigbin
```

Verify the Claim and its Signature

$ openssl pkcs7 -inform der -in sigbin -out sigbin.pkcs7
$ openssl pkcs7 -print_certs -in sigbin.pkcs7 -out sigbin.cert
$ openssl smime -verify -binary -inform der -in sigbin.der -content claim.json -certfile sigbin.cert -noverify

You will get a verification failure.

Followed the Signature tutorial and also failed to verify:

$ python3 digital_signature.py -v pubkey.pem claim.json sigbin
Verifying Signature
Failure

Environment

starling-cai: commit 42572cc (fix-fail-to-verify-signature branch)
codestream-parser: commit f0f97c4 (feature-caifile-parser branch)

numbersprotocol / pyc2pa Goto Github PK

pyc2pa's Introduction

PyC2PA

Quick Trial

Installation

C2PA CLI

Example

Quick Start

Development Tips

pyc2pa's People

Contributors

Stargazers

Watchers

Forkers

pyc2pa's Issues

Scenario 1

Modified example script

Corrupted image

Scenario 2

Corrupted image

Recommend Projects

Recommend Topics

Recommend Org

Jobs