eu-digital-green-certificates / dgc-overview

This repository provides an overview of the EU Digital Green Certificates (DGC) project.
Apache License 2.0

Green certificate: encryption of personal data #60

Closed phaesun closed 2 years ago

phaesun commented 2 years ago

Hello,

I'd be interested in knowing whether the data encoded within the QR code is not only signed using a digital signature, but also encrypted. Or in other words: Is it possible for a 3rd party app to read the data in these QR codes? And as a follow-up question: Is it possible for a 3rd party app to use the EU certificate gateway to retrieve the public certificates required for verification of the digital signature?

Thank you and best regards,

daniel-eder commented 2 years ago

For details on how the DCCs work, please review the spec: https://github.com/ehn-dcc-development/hcert-spec

As a preliminary answer: The data in the QR code is not encrypted, hence no sensitive personal data should become part of the specification.

As for validating the signature, the public keys required for that purpose are not made available via the DCC Gateway, but rather via the national backends. A discussion on how to access one of these can be found here: https://github.com/eu-digital-green-certificates/dgc-participating-countries/issues/10
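
What "signed but not encrypted" means in practice, as an added example that is not part of the thread or the project's code: per the hcert-spec, the QR text is `HC1:` followed by Base45 of a zlib-compressed COSE_Sign1 (CBOR) structure, so the claims can be read without any key, while the signature is only needed to check authenticity. The sample certificate, `read_dcc`, and the minimal Base45/CBOR helpers are constructed for illustration.

```python
import zlib

B45 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:"

def b45encode(data):
    out = ""
    for chunk in (data[i:i + 2] for i in range(0, len(data), 2)):
        n = int.from_bytes(chunk, "big")
        for _ in range(len(chunk) + 1):          # 2 bytes -> 3 chars, 1 byte -> 2
            out, n = out + B45[n % 45], n // 45
    return out

def b45decode(text):
    out = b""
    for chunk in (text[i:i + 3] for i in range(0, len(text), 3)):
        n = sum(B45.index(c) * 45 ** k for k, c in enumerate(chunk))
        out += n.to_bytes(len(chunk) - 1, "big")  # 3 chars -> 2 bytes, 2 -> 1
    return out

def cbor(b, i=0):
    """Decode one definite-length CBOR item at offset i -> (value, next offset)."""
    major, arg, i = b[i] >> 5, b[i] & 0x1F, i + 1
    if major == 7 or arg > 27:
        raise ValueError("CBOR item not handled by this minimal decoder")
    if arg >= 24:                                # argument is in the next 1/2/4/8 bytes
        n = 1 << (arg - 24)
        arg, i = int.from_bytes(b[i:i + n], "big"), i + n
    if major in (0, 1):                          # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), i
    if major in (2, 3):                          # byte string / text string
        raw = bytes(b[i:i + arg])
        return (raw if major == 2 else raw.decode()), i + arg
    if major == 6:                               # tag (COSE_Sign1 is tag 18): unwrap
        return cbor(b, i)
    items = []
    for _ in range(arg * (2 if major == 5 else 1)):   # array, or map as k, v, k, v
        value, i = cbor(b, i)
        items.append(value)
    return (dict(zip(items[0::2], items[1::2])) if major == 5 else items), i

def read_dcc(qr_text):
    """Return the CWT claims of an HC1 string. No key is used; nothing is verified."""
    cose, _ = cbor(zlib.decompress(b45decode(qr_text.removeprefix("HC1:"))))
    return cbor(cose[2])[0]  # cose = [protected, unprotected, payload, signature]

# Constructed sample, not a real certificate: issuer "XX", dummy 4-byte signature.
PAYLOAD = bytes.fromhex("a201625858390103a101a263646f626a313939302d30312d3031636e616da162666e63444f45")
COSE = bytes.fromhex("d28443a10126a058") + bytes([len(PAYLOAD)]) + PAYLOAD + b"\x44" + bytes(4)
SAMPLE_QR = "HC1:" + b45encode(zlib.compress(COSE))
```

`read_dcc(SAMPLE_QR)` returns the name and date of birth even though the signature bytes are meaningless, which is why reading a certificate and trusting it are separate steps.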