1. 34
  1. 9

    Well, I hope that’s useful to some. I’ve written this to convince myself that the code is safe from a privacy perspective, so that’s why other interesting aspects like signature verification or a deeper look at the technologies involved (Base45, CBOR/COSE, …) was left out.

    The cryptic numbers 1119349007 and 840539006 are the SNOMED codes for SARS-CoV-2 mRNA vaccine and COVID-19, respectively; should’ve mentioned that.

    1. 4

      Apart from the name/manufacturer of the received vaccine, there is no superfluous data inside, so the QR code is not a privacy nightmare, as some have feared.

      It’s still not ideal. For normal people it doesn’t matter, but some are going too need more than 2 shots, some only need 1, and some will be exempt. And that, people, can easily give insight into one’s health:

      • Exempt? Maybe you have some blood disease, or other condition that prevents you from being vaccinated?
      • 1 shot? You’ve probably been infected.
      • 3 shots? Now I can suspect your immune system is deficient in some way.

      It would be better, I think, to have an expiration date instead, or some range of validity.

      1. 4

        It would be better, I think, to have an expiration date instead, or some range of validity.

        The problem with that idea is that 1) the codes are valid in multiple jurisdictions that consider a person immunized for a different amount of time¹ and 2) those expiration dates could change with new covid developments². So such codes would have to be generated for each jurisdiction and have a short livetime. This would in practice mean that codes would be generated on the spot.

        This can give insights into the social behaviour of people (e.g. “Alice generated a new QR code at 21:39:02 from the WiFi of the Foo-bar. Bob has downloaded a new code from the same IP at 21:38:54”), which is IMO much more privacy invaiding. Also, those 1-shot/3-shots special cases aren’t implemented (yet) in Austria anyways; those people can only use their paper documents for now.

        ¹: Not just different EU member states, but regional lockdowns might have different requirements as well.

        ²: It’s even worse: validity length already varies for tests depending on the circumstances: e.g. a PCR test in Austria is valid for 72h when visiting a restaurant, 48h when crossing the border to Italy, or 7 days when clocking in to work.

        1. 1

          Oops, good point…

      2. 1

        Sorry if I’m daft, but if you generated the code what’s to prevent antivaxxers from doing the same? The signing keys are right there. https://dgc.a-sit.at/ehn/

        1. 2

          You sign it using a private key, and you verify using a public key, derived from the private key. Anyone can fetch the public key and verify a signed message, but only those with access to the private key can sign messages.

          1. 2

            the site you linked is just a demo tool for developers. the real codes are signed by a different private key (the one from your health ministry). try scanning the code from my post with https://greencheck.gv.at – “Signaturprüfung ungültig” means “signature verification failed”.