How the Israeli Ministry of Health should have generated the "fully vaccinated" certificate QR code

moh_safe_qr_code.py

from Crypto.PublicKey import RSA
from Crypto.Signature.pkcs1_15 import PKCS115_SigScheme
from Crypto.Hash import SHA512

import qrcode
import base64

from PIL import Image
from pyzbar import pyzbar


KEY_SIZE = 1024  # bit


def generate_key_pair():
    return RSA.generate(bits=KEY_SIZE)


def sign(key_pair, message):
    sha512_hash = SHA512.new(message)
    signer = PKCS115_SigScheme(key_pair)
    return signer.sign(sha512_hash)


def is_valid(public_key, signature, message):
    sha512_hash = SHA512.new(message)
    verifier = PKCS115_SigScheme(public_key)
    try:
        verifier.verify(sha512_hash, signature)
        return True
    except ValueError:
        return False


if __name__ == '__main__':

    message = b'Israel Israeli 012345678'

    key_pair = generate_key_pair()
    signature = sign(key_pair, message)

    path = r'out.png'

    # Generate certificate
    output = signature + message
    qrcode.make(base64.encodebytes(output)).save(open(path, 'wb'))

    # Read and verify certificate
    data = base64.decodebytes(pyzbar.decode(Image.open(path))[0].data)
    idx = KEY_SIZE // 8
    signature, message = data[:idx], data[idx:]

    if is_valid(key_pair.public_key(), signature, message):
        print(f'{message} is valid')
    else:
        print(f'{message} is invalid')

Example:

b'Israel Israeli 012345678' is valid