Well, I hope that’s useful to some. I’ve written this to convince myself that the code is safe from a privacy perspective, so that’s why other interesting aspects like signature verification or a deeper look at the technologies involved (Base45, CBOR/COSE, …) were left out.
The cryptic numbers 1119349007 and 840539006 are the SNOMED codes for SARS-CoV-2 mRNA vaccine and COVID-19, respectively; should’ve mentioned that.
Apart from the name/manufacturer of the received vaccine, there is no superfluous data inside, so the QR code is not a privacy nightmare, as some have feared.
It’s still not ideal. For normal people it doesn’t matter, but some are going to need more than 2 shots, some only need 1, and some will be exempt. And that, people, can easily give insight into one’s health:
Exempt? Maybe you have some blood disease, or other condition that prevents you from being vaccinated?
1 shot? You’ve probably been infected.
3 shots? Now I can suspect your immune system is deficient in some way.
It would be better, I think, to have an expiration date instead, or some range of validity.
The problem with that idea is that 1) the codes are valid in multiple jurisdictions that consider a person immunized for a different amount of time¹ and 2) those expiration dates could change with new covid developments². So such codes would have to be generated for each jurisdiction and have a short lifetime. This would in practice mean that codes would be generated on the spot.
This can give insights into the social behaviour of people (e.g. “Alice generated a new QR code at 21:39:02 from the WiFi of the Foo-bar. Bob has downloaded a new code from the same IP at 21:38:54”), which is IMO much more privacy invading. Also, those 1-shot/3-shots special cases aren’t implemented (yet) in Austria anyways; those people can only use their paper documents for now.
¹: Not just different EU member states, but regional lockdowns might have different requirements as well.
²: It’s even worse: validity length already varies for tests depending on the circumstances: e.g. a PCR test in Austria is valid for 72h when visiting a restaurant, 48h when crossing the border to Italy, or 7 days when clocking in to work.
Oops, good point…
Sorry if I’m daft, but if you generated the code what’s to prevent antivaxxers from doing the same? The signing keys are right there. https://dgc.a-sit.at/ehn/
You sign it using a private key, and you verify using a public key, derived from the private key. Anyone can fetch the public key and verify a signed message, but only those with access to the private key can sign messages.
The site you linked is just a demo tool for developers. The real codes are signed by a different private key (the one from your health ministry). Try scanning the code from my post with https://greencheck.gv.at – “Signaturprüfung ungültig” means “signature verification failed”.
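The private-key/public-key split from the two replies above, as an added example that is not code from the original thread or from any DGC project. It generates two P-256 key pairs that stand in for the developer demo site’s key and the health ministry’s key, puts only the ministry’s public key into a checker’s trust list, and shows that a certificate signed with the demo key (or a tampered genuine one) fails verification while a genuinely signed one passes. The JSON payload is a constructed stand-in that reuses the SNOMED codes mentioned in the post; the real certificates are CBOR/COSE-framed (ES256, i.e. ECDSA P-256 with SHA-256), and that framing is left out here just as in the post.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Issuer models one signing party: the private key never leaves the issuer,
// the public key is what verifier apps distribute in their trust list.
// The issuer names are constructed for this example.
type Issuer struct {
	Name string
	priv *ecdsa.PrivateKey
}

// NewIssuer generates a fresh P-256 key pair (the curve used for ES256).
func NewIssuer(name string) (*Issuer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{Name: name, priv: priv}, nil
}

// Public returns the key a checker app would fetch from the trust list.
func (i *Issuer) Public() *ecdsa.PublicKey { return &i.priv.PublicKey }

// Sign hashes the certificate payload with SHA-256 and signs the digest.
// Only someone holding the private key can produce this value.
func (i *Issuer) Sign(payload []byte) ([]byte, error) {
	digest := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, i.priv, digest[:])
}

// TrustList is the set of public keys a checker accepts; anyone may hold it.
type TrustList []*ecdsa.PublicKey

// Verify is what "Signaturprüfung" does: it needs only public keys and
// accepts the payload if any trusted key verifies the signature.
func (tl TrustList) Verify(payload, sig []byte) bool {
	digest := sha256.Sum256(payload)
	for _, pub := range tl {
		if ecdsa.VerifyASN1(pub, digest[:], sig) {
			return true
		}
	}
	return false
}

// DemoVsMinistry runs the scenario from the thread and returns whether the
// checker accepted (1) the ministry-signed code, (2) a code signed with the
// demo site's key, and (3) a ministry-signed code whose payload was altered.
func DemoVsMinistry() (genuineOK, demoSignedOK, tamperedOK bool, err error) {
	ministry, err := NewIssuer("health ministry")
	if err != nil {
		return false, false, false, err
	}
	demo, err := NewIssuer("developer demo site")
	if err != nil {
		return false, false, false, err
	}
	// A checker app trusts the ministry key only; the demo key is public
	// too, but it is simply not on the list.
	checker := TrustList{ministry.Public()}

	// Constructed stand-in for the vaccination payload (not real CBOR).
	payload := []byte(`{"v":[{"tg":"840539006","vp":"1119349007","dn":2,"sd":2}]}`)

	genuineSig, err := ministry.Sign(payload)
	if err != nil {
		return false, false, false, err
	}
	demoSig, err := demo.Sign(payload)
	if err != nil {
		return false, false, false, err
	}
	// Same payload with the dose count changed after signing.
	tampered := []byte(`{"v":[{"tg":"840539006","vp":"1119349007","dn":3,"sd":3}]}`)

	return checker.Verify(payload, genuineSig),
		checker.Verify(payload, demoSig),
		checker.Verify(tampered, genuineSig),
		nil
}

func main() {
	genuine, demo, tampered, err := DemoVsMinistry()
	if err != nil {
		panic(err)
	}
	fmt.Println("ministry-signed code accepted:", genuine)
	fmt.Println("demo-site-signed code accepted:", demo)
	fmt.Println("tampered ministry-signed code accepted:", tampered)
}
```

The point the example makes concrete: publishing the verification (public) key, or even a whole demo signing key, gives no one the ability to produce codes that pass a checker whose trust list contains only the ministry’s key, and any edit to the signed data after signing is caught as well.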