both public keys for signature verification are now invalid

[mnissim000]

As of Oct 3, new "green passes" issued contain a signature that is no longer verifiable with the public key provided here. Prior to Oct 3, verification with the ECDSA key worked fine

[trianglee]

@mnissim000 The new ECDSA public key used by the application as of 3-Oct-2021 is -

-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcw+UZUnryP4rqSw+a8xQw4wLHZkc u4MDjJP7QeBUEpDt8xh4i4RSIBEJrBkAukSSobRDkwMb0dSCsWwK0rfMgQ== -----END PUBLIC KEY-----

I derived it using https://github.com/trianglee/greenpass-derive-public-key, given two valid certificates. See https://github.com/trianglee/greenpass-verify for simple JavaScript verification code using this (and other) keys.

[mnissim000]

Thanks trianglee. Am I crazy, or is the Ramzor app still using the OLD (pre-oct-3) ECDSA key, thus verifying old passes and rejecting new ones?

[trianglee]

@mnissim000 The latest version appears to be working as expected. It can verify new passes generated on (or after) Oct-3, and doesn't verify old passes generated before.

[mnissim000]

@trianglee, yes, this is the situation now, for me too. But 23 hours ago, when I wrote my post, , the app was rejecting new passes. So the app was updated more than a day later than the introduction and issuing of official new passes. Well... doesn't inspire much confidence.

[svetamorag]

Hello, Please see the update of the Readme file.

[trianglee]

@svetamorag Is the EU Digital COVID certificate going to be used as replacement for the vaccination certificate only, or also for the "green pass" certificate?