Make a prototype multi-protocol verifier service that supports ICAO VDS and EUDCC

[onthebreeze]

We need a REST API to which a client can POST any QR code extracted from a vaccination certificate and which will return either

• a 200 response with a certificate type (currently either VDS, or EUDCC), subject information (ie identity of the vaccinated person() and an array of vaccination records - OR
• a 501 error response if the QR is un-recognised (ie it is neither a VDS nor an EUDCC)

Use the same response structure as is currently implemented for VDS in https://github.com/gs-gs/ha-dpd with the certificate type code added.

For VDS verification, just re-use the existing code (but put it behind a REST service). For test data, use the attached VDS Specimen - Two Pfizer.pdf

For the EUDCC, please study:

• open source code at https://github.com/eu-digital-green-certificates - notably https://github.com/eu-digital-green-certificates/dgca-verifier-service
• read through this issue https://github.com/eu-digital-green-certificates/dgc-participating-countries/issues/10 and note that it is possibly solved by sweden via trust root certificates from https://dgcg.covidbevis.se/tp/
• there seems to be plenty of test data here https://github.com/eu-digital-green-certificates/dgc-testdata

[railsonsousa106]

@onthebreeze , what should I use to build this in terms of programming language/framework. Python/Django/Flask, or Node.js/Express? And how should the endpoint look like?

[onthebreeze]

Same tech stack as DPD/BFF and, as fir the end point - "Use the same response structure as is currently implemented for VDS in https://github.com/gs-gs/ha-dpd with the certificate type code added."

[onthebreeze]

https://github.com/ehn-dcc-development/hcert-spec https://github.com/ehn-dcc-development/hcert-spec/blob/main/hcert_spec.md

could be helpful - and maybe this too

If you take one the sample QRs from https://github.com/eu-digital-green-certificates/dgc-testdata and load it to https://ehealth.vyncke.org/ then you can see a step-by-step deciding and validation.

although one difficulty seems to be how to access the public keys. https://ehealth.vyncke.org/ seems to use https://verifier-api.coronacheck.nl/v4/verifier/public_keys - but I cant see any API docs for that key list service that explains how to parse the result. maybe the sweden service is better https://dgcg.covidbevis.se/tp/. - or this https://github.com/lovasoa/sanipasse/blob/master/src/assets/Digital_Green_Certificate_Signing_Keys.json

[onthebreeze]

I had an email exchange with that author of the

At least one email contact who is not asking for a generator of fake QR-code !

Here is the code

# Let's try to load the public keys
url = DEFAULT_TRUST_URL
response = urllib.request.urlopen(url)
pkg = json.loads(response.read())
payload = b64decode(pkg['payload'])
trustlist = json.loads(payload)
# 'eu_keys': {'hA1+pwEOxCI=': [{'subjectPk': 'MFkwEw....yDHm7wm7aRoFhd5MxW4G5cw==', 'keyUsage': ['t', 'v', 'r']}],
eulist = trustlist['eu_keys']
for kid_b64 in  trustlist['eu_keys']:
    add_kid(kid_b64,eulist[kid_b64][0]['subjectPk'])

Have fun and let me aware of what you have done -)

-éric

From: steve capell steve.capell@gmail.com Date: Monday, 6 December 2021 at 02:23 To: "eric@vyncke.org" eric@vyncke.org Subject: Niue work at https://ehealth.vyncke.org/index.php - info about the nl verifier API?

Hi,

I'm trying to add a EU-DCC verifier to an australian ICAO VDS verifier service to make it a multi-protocol verifier. Found your site which was very helpful to understand the various decoding steps from QR -> health claims.

There's a part where you check that the signing certificate exists in the master registry- and you use https://verifier-api.coronacheck.nl/v4/verifier/public_keys

where would I find the API docs for that key register site so I can understand how to parse the response?

kind regards,