VxSuite TDP - v4
Signed Hash Validation

Last updated 5 months ago

Signed Hash Validation provides end users with a way to verify that a VotingWorks machine is running authentic unmodified VotingWorks software.

The machine prepares a payload consisting of the following, with 1//shv// as a prefix and # as a separator:

  • System hash

  • Software version

  • Election ID

  • Current timestamp

The machine signs that payload with its TPM private key and then bundles the following together, with ; as a separator:

  • Payload

  • Payload signature

  • Machine cert

This combination is displayed as a QR code. Putting this all together, the QR code contains:

message = 1//shv//<system-hash>#<software-version>#<election-id>#<current-timestamp>
qrCode  = <message>;signature(<message>);<machine-cert>

This QR code can be scanned at https://check.voting.works. The site parses the QR code and performs the following verification:

  • Verifies the machine cert using the root VotingWorks cert.

  • Extracts the machine's public key from the machine cert.

  • Uses that public key to verify the payload signature against the original payload. If this verification succeeds, we can be confident that the machine possesses the TPM private key that pairs with the public key in the machine cert.

  • Because the TPM private key will only sign data if the system hash is correct, per System Integrity, we can further be confident that the software on the machine is authentic and unmodified.

(Screenshots: Machine UX and Web UX)

After completing the above verification, https://check.voting.works displays a success indicator alongside the payload components and the machine ID as extracted from the machine cert. These attributes can be matched against what's displayed on the machine.

Code Links

Refer to the following code links for more details:

https://check.voting.works
https://github.com/votingworks/vxsuite/blob/v4.0.0-release-branch/libs/auth/src/signed_hash_validation.ts