A QR-code only allows for 45 different characters (letters, figures, some punctuation characters)...

[lillois59]

Hi @rascafr well job and great work for this Eu-qr-parser, It seem to work very well after several hours of search ... But Id like to know why I can read the data from : (https://ehealth.vyncke.org/index.php) I got something but apparently wrong I think is beacuse this message : (letters, figures, some punctuation characters)... But the health certificate contains binary information, so, this binary information is 'encoded' in base45 (thanks to my friend Patrik's IETF draft draft-faltstrom-base45). Base45 decoding... The decoded message is now (many more binary characters represented as '.' on the right-hand column and also less octects)

I need to modify something in order to get more octects ?

thanks you bro

[rascafr]

Hi Camille,

Glad to hear it's working well for you.

I don't quite understand, were you able (or not) to read the data from Vyncke's website? Did you then used the zlib decompress inflate() method?

Given vyncke's website sample hex data, I was able to get the same output after the base45 + zlib steps... like the way this has been implemented in this parser (part of the result playload below)

...
bcix01BEVLBDIML2KR1
IFKPPCSX8OQF3#KbcobBEbdr�t2021-0
5-15T19:21:22ZbiseSC-BEbsc�t2021
-05-25T09:02:07Zbtch81160393btgi
840539006btri260415000btthLP6464
-4cdobj1980-01-14cnam�bfngEbraer
tbgnpPeter Paul MariacfntgEBRAER
TcgntpPETER<PAUL<MARIAcvere1.0.0
...

[lillois59]

Hi @rascafr and thanks to reply Im so sorry I was off from Git. Today playing around your project I think I found was is wrong or not working, If I read "new_gene_cert" in some App like "TousAntiCovid" french app and others It's not readeble I mean direclety I got a ErroR message like "Cert not readble" but just now using Swiss App or Belgium is working readable. My question is how I we (you lol) can fix this issue bro @rascafr what do you think/

Aslo I add this : (My valid Qr) COSE ISSUE

Checking the COSE structure (ignoring the signature) of the CBOR Web Token (yet another IETF standards RFC 8392)... COSE Key Id(KID): 0x840D7EA7010EC422 (KID is the first 8 bytes of the SHA256 of the certificate, list of trusted KIDs is at https://verifier-api.coronacheck.nl/v4/verifier/public_keys). This key is trusted from https://verifier-api.coronacheck.nl/v4/verifier/public_keys or https://covid-status.service.nhsx.nhs.uk/pubkeys/keys.json And the COSE signature is verified => this digital green certificate is valid. COSE Algorithm: Es256 (ECDSA w/ SHA-256)

(Generated Qr)

Checking the COSE structure (ignoring the signature) of the CBOR Web Token (yet another IETF standards RFC 8392)... This is not a recognized COSE data object: Unknown COSE attribute with value: [CoseAlgorithm - -123]

[lillois59]

its look okay now when I change COSE parameter to -36 or -45 its okay to Vyncle but the cert its still invalid

[lillois59]

@rascafr Happy End of year ....

Thanks for all first !

After severals hours maybe two day, today and last nite I trying to do my best using lot of topic like : CBOR algo, https://python-cwt.readthedocs.io/en/stable/algorithms.html#cose-key-types https://www.iana.org/assignments/cose/cose.xhtml https://github.com/ehn-dcc-development/ehn-sign-verify-python-trivial/issues/17 ecetera ....

I resum my issue : 1/ https://ehealth.vyncke.org/ = I can decode my qr and read what I filled before using -45 COSE ALGO but its still invalid Decoding the CBOR-encoded COSE claims into a more readable JSON format: Issuer : CNAM Expiration time : 2009-02-13 23:31:30 UTC !!! This certificate is no more valid!!! Health payload JSON :

invalid : TousAntiCovid, SWISS, BE, LU valid : some simple app checkers like for supermaket door (in some of them)

Question : How I can sign an valid cert? I used to sign using minisign :

_minisign -Vm /Users/Apple/minisign/new_generated.jpeg Signature and comment signature verified Trusted comment: timestamp: 1640527412 file: newgenerated.jpeg hashed

But still invalid, can you help me to fix this missconf bro @rascafr

merci thanks again

[rascafr]

@camillegroult

• About the expiration time / date: I think you're still using the sample code. Indeed, the timestamp in the example is a random one, 1234567890, which leads to your 2009 date.

TZ=UTC0 date -r 1234567890
Fri 13 Feb 2009 23:31:30 UTC

• About signing the certificate: I think you're are a bit mistaken about how it works. The way you're using the minisign tool signs files, not QR codes payload data or anothying else. You'll want to sign the data before generating the QR code, not after.

Furthermore, as replied in the other issue you opened, and as mentionned in my repos (https://github.com/rascafr/eu-covid-qr-parser-demo#readme), you won't be able to sign a certificate if you don't have the private key...