Skip to content
/ hkecert Public

Sign, verify, encrypt and decrypt messages with Hong Kong Post e-Cert (香港郵政電子證書) and other PKCS#12 certificates.

License

MIT license
66 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

songyuew/hkecert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

img

img

 
 

.gitignore

.gitignore

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

ecert.py

ecert.py

 
 

openssl_cmd.md

openssl_cmd.md

 
 

Repository files navigation

Hong Kong Post e-Cert Utilities

Sign, verify, encrypt and decrypt messages with Hong Kong Post e-Cert (香港郵政電子證書) and other PKCS#12 PKI certificates.

e-Cert USB Programme

Functions

Hong Kong Post is acting as the CA to connect legal identities with digital certificates. Therefore, signed messages can be used for identity verification or proof of true willingness (signer's authentication, data integrity and non-repudiation).

  • Sign message
  • Verify signature
  • Encrypt message
  • Decrypt message
  • View certificate
  • Extract public key in PEM format, RSA modulus and exponent from .p12 file

Getting Started

Prerequisites

You need to have your e-Cert file in .p12 format ready.

  • Apply a e-Cert from Hong Kong Post e-Cert (Note: personal e-Cert with mutual recognition status cannot be used in this programme)
  • Import the PKCS#12 certificate to your computer. Please refer to Hong Kong Post Website for instructions.

Installation

  1. Install dependencies for ecert.py

    pip install -r requirements.txt

  2. It is suggested to store your PKCS#12 certificate in the same directory as the python programme.

If you don't have Python and pip, you may use the ecert.exe executable.

Sign

  • Enter message to sign
  • Enter the path to your PKCS#12 certificate
  • Enter password for your certificate (can be found in the PIN envelope if this is the first time you use it)
  • If successfully signed, a .sig file will be generated to the directory of the programme, with the current timestamp as its filename
  • You may then send the message and signature to your recipient

Sign

Verify

  • Enter message to verify
  • Enter the path to the corresponding .sig file
  • Enter the path of sender's .cer certificate (certificate can be found from Hong Kong Post e-Cert Directory)
  • If successfully verified, you will see a message

Verify

Encrypt

  • Enter message to encrypt
  • Enter the path of recipient's .cer certificate (certificate can be found from Hong Kong Post e-Cert Directory)
  • If successfully signed, a .enc cipher file will be generated to the directory of the programme, with the current timestamp as its filename
  • You may then send the cipher file to the recipient. He/she should be able to use his/her PKCS#12 e-Cert to decrypt

Encrypt

Decrypt

  • Enter the path of .enc cipher file
  • Enter the path of your PKCS#12 e-Cert
  • Enter password for your certificate (can be found in the PIN envelope if this is the first time you use it)
  • If successfully decrypted, you will see the plaintext message

Decrypt

View Certificate

View Certificate

Extract Public Key and RSA Parameters

  • Enter the path to your PKCS#12 certificate
  • Enter password for your certificate

Extract Public Key

Using OpenSSL CLI

Please refer to OpenSSL Commands

License

Distributed under the MIT License. See LICENSE.md for more information.

Contact

Project Link: https://github.com/songyuew/ecert

Acknowledgments

About

Sign, verify, encrypt and decrypt messages with Hong Kong Post e-Cert (香港郵政電子證書) and other PKCS#12 certificates.

Topics

cryptography encryption certificate verification pki

Resources

Readme

License

MIT license
Activity

Stars

66 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages