Go decoder for EU Digital COVID Certificate (EUDCC) QR code data

Related tags

Network coronaqr
Overview

Go Corona QR Code Decoder

Go Reference

This repository contains a decoder for EU Digital COVID Certificate (EUDCC) QR code data, written in Go.

If you got vaccinated and want to know what is stored in the QR code, this package (and example program) can answer that question!

Example usage:

go install github.com/stapelberg/coronaqr/cmd/[email protected]

apt install curl zbar-tools
curl -sL https://github.com/eu-digital-green-certificates/dgc-testdata/raw/main/CH/png/1.png | \
	zbarimg --quiet --raw - | \
	coronadecode

(With older Go versions before 1.16, use go get -u github.com/stapelberg/coronaqr/cmd/coronadecode instead.)

Comments
  • Expiration date for recovery

    Expiration date for recovery

    In my certificate prints this:

    Cryptographic signature successfully verified from: CN=grnet.gr,C=GR

    COVID certificate: Issued: 2021-06-01 05:13:41 -0400 EDT Expiration: 2023-05-24 11:35:24 -0400 EDT Contents: (coronaqr.CovidCert) { Version: (string) (len=5) "1.0.0", PersonalName: (coronaqr.Name) { FamilyName: (string) (len=18) "...", FamilyNameStd: (string) (len=10) "...", GivenName: (string) (len=12) "...", GivenNameStd: (string) (len=7) "..." }, DateOfBirth: (string) (len=10) "...", VaccineRecords: ([]coronaqr.VaccineRecord) , TestRecords: ([]coronaqr.TestRecord) , RecoveryRecords: ([]coronaqr.RecoveryRecord) (len=1 cap=1) { (coronaqr.RecoveryRecord) { Target: (string) (len=9) "840539006", Country: (string) (len=2) "GR", Issuer: (string) (len=43) "Ministries of Health and Digital Governance", CertificateID: (string) (len=43) "URN:UVCI:01:GR:HFR6ZMD6GJDON7UQZI4FTKNDHY#M" } } }

    However there must be an expiration of the RecoveryRecord. The "Expiration" is the certificate's expiration, not the recovery record expiration.

    Also, what's the "target" string?

    I 'd be grateful if you can take a look.

    opened by WindowsNT 7
  • Add TestType, TestResult and SampleDatetime attribute to TestRecord. …

    Add TestType, TestResult and SampleDatetime attribute to TestRecord. …

    …Translate IDs to display names for TestResult, TestType and Target (type of DiseaseTargeted)

    What does this implement?

    It completes TestRecord structure by adding attributes TestType, TestResult and SampleDatetime, accordingly to ehn-dcc-development/ehn-dcc-schema/DCC.Types.schema.json.

    In addition, attributes Target, TestType and TestResult use custom string types implementing UnmarshalCBOR() interface. As a result, IDs are translated into display values according to data at ehn-dcc-development/ehn-dcc-schema/valuesets/.

    Example

    Before:

    # curl -Ls https://raw.githubusercontent.com/eu-digital-green-certificates/dgc-testdata/main/FR/png/test-pcr_ok.png | zbarimg --raw --quiet - | go run cmd/coronadecode/coronadecode.go
    Cryptographic signature check skipped (use -verify)
    
    COVID certificate:
    Issued:     2021-06-03 09:54:22 +0200 CEST
    Expiration: 2021-06-05 09:54:22 +0200 CEST
    Contents:   (coronaqr.CovidCert) {
     Version: (string) (len=5) "1.0.0",
     PersonalName: (coronaqr.Name) {
      FamilyName: (string) (len=6) "Dupond",
      FamilyNameStd: (string) (len=6) "DUPOND",
      GivenName: (string) (len=5) "Marie",
      GivenNameStd: (string) (len=5) "MARIE"
     },
     DateOfBirth: (string) (len=10) "1962-07-01",
     VaccineRecords: ([]coronaqr.VaccineRecord) <nil>,
     TestRecords: ([]coronaqr.TestRecord) (len=1 cap=1) {
      (coronaqr.TestRecord) {
       Target: (string) (len=9) "840539006",
       Name: (string) (len=17) "2019-nCoV RT-qPCR",
       Manufacturer: (string) (len=4) "1232",
       TestingCentre: (string) (len=14) "Testing Centre",
       Country: (string) (len=2) "FR",
       Issuer: (string) (len=10) "Laboratory",
       CertificateID: (string) (len=41) "URN:UVCI:V1:FR:P50E914L54CIP5J0K4EHSCXOS:"
      }
     },
     RecoveryRecords: ([]coronaqr.RecoveryRecord) <nil>
    }
    

    After:

    # curl -Ls https://raw.githubusercontent.com/eu-digital-green-certificates/dgc-testdata/main/FR/png/test-pcr_ok.png | zbarimg --raw --quiet - | go run cmd/coronadecode/coronadecode.go
    Cryptographic signature check skipped (use -verify)
    
    COVID certificate:
    Issued:     2021-06-03 09:54:22 +0200 CEST
    Expiration: 2021-06-05 09:54:22 +0200 CEST
    Contents:   (coronaqr.CovidCert) {
     Version: (string) (len=5) "1.0.0",
     PersonalName: (coronaqr.Name) {
      FamilyName: (string) (len=6) "Dupond",
      FamilyNameStd: (string) (len=6) "DUPOND",
      GivenName: (string) (len=5) "Marie",
      GivenNameStd: (string) (len=5) "MARIE"
     },
     DateOfBirth: (string) (len=10) "1962-07-01",
     VaccineRecords: ([]coronaqr.VaccineRecord) <nil>,
     TestRecords: ([]coronaqr.TestRecord) (len=1 cap=1) {
      (coronaqr.TestRecord) {
       Target: (coronaqr.DiseaseTargeted) (len=8) "COVID-19",
       TestType: (coronaqr.TestType) (len=47) "Nucleic acid amplification with probe detection",
       Name: (string) (len=17) "2019-nCoV RT-qPCR",
       Manufacturer: (string) (len=4) "1232",
       SampleDatetime: (time.Time) 2021-05-16 14:34:56 +0000 UTC,
       TestResult: (coronaqr.TestResult) (len=12) "Not detected",
       TestingCentre: (string) (len=14) "Testing Centre",
       Country: (string) (len=2) "FR",
       Issuer: (string) (len=10) "Laboratory",
       CertificateID: (string) (len=41) "URN:UVCI:V1:FR:P50E914L54CIP5J0K4EHSCXOS:"
      }
     },
     RecoveryRecords: ([]coronaqr.RecoveryRecord) <nil>
    }
    

    Comments

    Tests have been successfully run against eu-digital-green-certificates/dgc-testdata (same errors has before this commit).

    opened by francoislpj 6
  • How to use it?

    How to use it?

    I'm newbie to Go.

    What should I install/setup before using instructions?

    P.S. apt-get install golang and adding $GOPATH/$GOLANG wasn't enough.

    root:~#  go get -u github.com/stapelberg/coronaqr/cmd/coronadecode
    package context: unrecognized import path "context" (import path does not begin with hostname)
    package flag: unrecognized import path "flag" (import path does not begin with hostname)
    package fmt: unrecognized import path "fmt" (import path does not begin with hostname)
    ...
    
    opened by iliakan 5
  • Fails to read EUDCC issued in Ireland

    Fails to read EUDCC issued in Ireland

    Hi Michael!

    Thanks for creating this, I received my certificate yesterday and I am eager to see what information is encoded there! Sadly, coronadecode (commit 4d67a18) fails to parse it:

    $ zbarimg --quiet --raw ~/Covid_cert.png | bin/coronadecode
    2021/07/15 16:11:55 could not decode certificate QR code: cbor.Unmarshal(v.Payload): cbor: cannot unmarshal primitives into Go struct field coronaqr.claims.-260 of type int
    
    opened by NightTsarina 4
  • Consider adding support for the Swiss Light Certificates

    Consider adding support for the Swiss Light Certificates

    I can’t find a spec, but here’s what I know so far:

    Light certificates start with LT1 instead of HC1.

    The CBOR payload for light certificates is:

    {1: "CH BAG", 6: 1625658361, -250: {1: {"dob": "1943-02-01", "nam": {"fn": "M\u00fcller", "gn": "C\u00e9line", "fnt": "MUELLER", "gnt": "CELINE"}, "ver": "1.0.0"}}}

    Notably, the -250 is listed as unassigned in https://www.iana.org/assignments/cwt/cwt.xhtml currently :-/

    enhancement 
    opened by stapelberg 2
  • Implement signature verification (not rule-based validity of codes yet)

    Implement signature verification (not rule-based validity of codes yet)

    https://www.cc-d.bit.admin.ch/trust/v1/keys/updates?certFormat=ANDROID seems to be the dev environment URL to obtain the keys.

    The prod version gives a 403 Forbidden, not sure what sort of authentication is required.

    https://github.com/admin-ch/CovidCertificate-SDK-Android/commit/414887526a78969d1860e6d863b221cd4cc94f06 might be a good pointer for how to do verification.

    enhancement 
    opened by stapelberg 2
  • QR prefix issue

    QR prefix issue

    I tried it on few QR-codes.

    All of them failed because of the prefix.

    zbarimg qr.jpeg returns QR-Code:HC1:...

    Then your utility fails until I manually remove the QR-Code: prefix. After the removal, it works (thanks).

    opened by iliakan 1
  • TestRecord: add attributes TestType, TestResult and SampleDatetime

    TestRecord: add attributes TestType, TestResult and SampleDatetime

    Reference PRs

    Subpart of the PR #5 (without the erroneous IDs translation).

    What does this implement?

    Complete TestRecord structure with attributes TestType, TestResult and SampleDatetime, according to test_entry specification from ehn-dcc-development/ehn-dcc-schema/DCC.Types.schema.json.

    Test

    gofmt and go test : PASS

    opened by francoislpj 1
  • Pass all positive and negative tests in dgc-testdata

    Pass all positive and negative tests in dgc-testdata

    We currently pass positive tests, but don’t run negative tests:

    https://github.com/stapelberg/coronaqr/blob/5924b762bd6da43c33c52dad0971d19d8769f148/coronaqr_test.go#L212

    There’s also a separate test data repository at https://github.com/eu-digital-green-certificates/dcc-quality-assurance which we should use in addition or instead of dgc-testdata.

    enhancement 
    opened by stapelberg 1
  • implement revocation list support

    implement revocation list support

    This is blocked on https://github.com/section42/hcert-trustlist-mirror/issues/11 so that we can plug into multiple revocation lists, just like we do for trust lists right now.

    enhancement 
    opened by stapelberg 0
  • implement covid business rule verification

    implement covid business rule verification

    I have a pending commit which passes all the test cases.

    What’s missing is a good source for country rules. I asked around regarding sources in https://github.com/eu-digital-green-certificates/dgc-participating-countries/issues/10#issuecomment-891236663

    enhancement 
    opened by stapelberg 5
  • Display names instead of ID for fields like TestResult, TestType, etc.

    Display names instead of ID for fields like TestResult, TestType, etc.

    Enhancement proposal in the idea of submitting a pull request:

    Some fields in the certificate are identifiers that refer to elements declared at https://github.com/ehn-dcc-development/ehn-dcc-schema/blob/release/1.3.0/valuesets/. These elements have a display name in a human readable sentence.

    With the certificate decoded, it would be nice to print display names instead of (or in addition to) identifiers. For example, display :

    TestType:   Nucleic acid amplification with probe detection
    TestResult: Not detected
    

    Instead of:

    TestType: (string) (len=8) "LP6464-4",
    TestResult: (string) (len=9) "260415000",
    
    opened by francoislpj 2
Owner
Michael Stapelberg
Michael Stapelberg
Exposure Notification Reference Server | Covid-19 Exposure Notifications

Exposure Notification Reference Key Server COVID‑19 Exposure Notifications API Exposure Notification Reference Key Server Documentation In our continu

Google 2.1k Sep 19, 2022
A simple Go lib to get information on Covid-19

Govid A simple Go library which lets you get information on Covid-19 Examples Getting total data about all countires: package main import ( "Govid/g

YeffyCodeGit 8 Aug 18, 2022
Core is the next-generation digital data engine.

tKeel-Core The digital engine of world ?? Core is the data centre of the tKeel IoT Open Platform, a high-performance, scalable and lightweight next-ge

null 21 Mar 28, 2022
Control your legacy Reciva based internet radios (Crane, Grace Digital, Tangent, etc.) via REST api or web browser.

reciva-web-remote Control your legacy Reciva based internet radios (Crane, Grace Digital, Tangent, etc.) via REST api or web browser. Usage This progr

null 6 May 3, 2022
Open source forensic software to analyze and present digital evidence.

Go Forensics Core Open source forensic software to analyze digital evidence to be presented in court. The core of Go Forensics PostgreSQL The core use

Mooij Technologies 2 May 8, 2022
Toy TLS certificate viewer

veilig Toy tls certificate viewer that I built because openssl s_client confuses me Source available at: https://github.com/noqqe/veilig/ Please repor

Florian Baumann 10 Aug 25, 2022
DNS/DoT to DoH proxy with load-balancing, fail-over and SSL certificate management

dns-proxy Configuration Variable Example Description TLS_DOMAIN my.duckdns.org Domain name without wildcards. Used to create wildcard certificate and

Dimitri Herzog 3 Nov 23, 2021
Cert bound sts server - Certificate Bound Tokens using Security Token Exchange Server (STS)

Certificate Bound Tokens using Security Token Exchange Server (STS) Sample demonstration of Certificate Bound Tokens acquired from a Security Token Ex

null 0 Jan 2, 2022
A CLI tool to get Certificate Transparency logs of a domain name.

crt crt is a CLI tool to get Certificate Transparency logs of a domain name. It can also enumerate subdomains. Installation If you have Go installed:

Cem Ulus 41 Aug 26, 2022
A tool for capturing newly issued x.509 from Certificate Transparency logs & performing periodic revocation checking.

ct-logster This repository contains the tools for collecting newly issued x509 certificates from Certificate Transparency logs, as well as performing

Adam Halim 4 May 4, 2022
concurrent caching proxy and decoder library for collections of PMTiles

go-pmtiles A caching proxy for the serverless PMTiles archive format. Resolves several of the limitations of PMTiles by running a minimalistic, single

Protomaps 23 Sep 19, 2022
Pure Go Brotli encoder and decoder

This package is a brotli compressor and decompressor implemented in Go. It was translated from the reference implementation (https://github.com/google

Andy Balholm 422 Sep 22, 2022
Read k8S-source-code notes, help quickly understand the K8S-code organization rules

K8S源码阅读笔记 以下笔记针对 kubernetes V1.23.1(截至2022年01月01日最新版本),并不保证对其它版本的有效性 一、架构图 二、阅读前准备 由于kubernetes项目巧妙的设计和代码高度的封装性,建议在阅读代码前,尽可能的进行以下内容的准备: 1. 编程知识配备 编程语准

kubernetes-based edge-cloud solution 0 Feb 16, 2022
Data Connector is a Google Sheets Add-on that lets you import (and export) data to/from Google Sheets

Data Connector Data Connector is a Google Sheets Add-on that lets you import (and export) data to/from Google Sheets. Our roadmap: Connect to JSON/XML

Brent Adamson 114 Jul 30, 2022
Create a QR code with your Wi-Fi login details

Wi-Fi QR Code generator Create a QR code with your Wi-Fi login details. Use Google Lens or other application to scan it and connect automatically. Ins

Eugene R. 214 Sep 27, 2022
This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record

TestVac QR Core This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record (FHIR, see http

Ministerie van Volksgezondheid, Welzijn en Sport 38 Feb 2, 2022
Go driven rpc code generation tool for right now.

Go driven rpc code generation tool for right now. 100% Go Describe services with Go interfaces (with structs, methods, comments, etc.) Generate server

pace.dev 591 Sep 20, 2022