clawfire / covid19-passbook-generator

A simple PWA to scan your EU digital COVID Certificate and generate a passbook from it
https://covid19passbook.netlify.app/

COVID-19 passbook Generator

The aim of this project is to let a user scan an EU Digital COVID Certificate with their smartphone and generate a passbook from it, without any data being stored on a remote server.


Test it

We deploy a stable-ish version online so you can try it out. It works best on an iPhone, but it also works on Android and on your Mac. If you spot any bugs, please reach us here or on social media 😃. You can also browse the open issues to see if we have already spotted that bug. And if you have an idea for an improvement, you can also send us a feature request.

Background story

Since EU Digital COVID certificates launched in Luxembourg, there's no application to store your certificate digitally. You can go online and download a PDF or use the grayscale version you got by mail.

Using an application to store this sensitive information can also be an obstacle for some people, and we understand why. Even government applications can be questioned, like "tous anticovid" in France, which collects a lot of extra data and includes Google software and usage trackers, especially when you can't look at the source code of those applications.

That's why I came up with the idea of simply using something that does not require installing another piece of software and already handles my credit cards securely: Apple Wallet.

OK, so how do we do that correctly? Since I don't like spying, or users having to fear it, everything possible had to happen on the device itself, including especially:

Apple has designed the passbook (the format of the little card you put in your wallet) to be very secure: a pass needs to be signed to be visible in the Apple Wallet app. So far, I haven't found a way of doing this on the user's device without compromising the signing key. However, what we need to sign is the manifest, which contains SHA-1 hashes of your data, not the data itself. That's why we thought about a small web service, which does all of this in-memory:

That's where @biou jumped into the project and helped me design the lambda required for this, and he has stuck with me on several other tasks since.
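The manifest idea described above, as an added example (not the project's own code): the pass files are hashed locally, and only the resulting path-to-SHA-1 map would be sent for signing. The sample pass, the `signingRequestBody` helper and the use of Node's `crypto` module are assumptions made for illustration.

```javascript
// Added example: build a pass manifest locally so that only SHA-1 digests,
// never the certificate data, leave the device. Node's crypto is an assumption.
const { createHash } = require('node:crypto');

// Hex SHA-1 digest of a file's bytes.
function sha1Hex(bytes) {
  return createHash('sha1').update(bytes).digest('hex');
}

// files: { "<path inside the pass>": Buffer } -> { path: sha1 hex }
function buildManifest(files) {
  const manifest = {};
  for (const path of Object.keys(files).sort()) {
    manifest[path] = sha1Hex(files[path]);
  }
  return manifest;
}

// Paths that are missing on either side or whose bytes no longer match
// the digest recorded in the manifest (e.g. changed after signing).
function findMismatches(files, manifest) {
  const paths = new Set([...Object.keys(files), ...Object.keys(manifest)]);
  return [...paths]
    .filter((p) => !Object.hasOwn(files, p) || !Object.hasOwn(manifest, p) ||
      sha1Hex(files[p]) !== manifest[p])
    .sort();
}

// Hypothetical request body for the signing service: digests only.
function signingRequestBody(files) {
  return JSON.stringify(buildManifest(files));
}

// Constructed sample pass; the barcode message is not a real certificate.
const SAMPLE_QR = 'HC1:CONSTRUCTED-SAMPLE-NOT-A-REAL-CERTIFICATE';
const sampleFiles = {
  'pass.json': Buffer.from(JSON.stringify({
    formatVersion: 1,
    description: 'constructed sample pass',
    barcode: { format: 'PKBarcodeFormatQR', message: SAMPLE_QR,
      messageEncoding: 'iso-8859-1' },
  })),
  'icon.png': Buffer.from([0x89, 0x50, 0x4e, 0x47]), // placeholder bytes
};

console.log(signingRequestBody(sampleFiles));
```

The request body still reveals the file names and their digests, so identical pass contents produce identical digests.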

Contributors & open-source

This work could never have been done without the support of the open source community.