posted by cee8hooz +10 / -0

RSA/ECB/PKCS1Padding is used.

Unless somebody finds, for example, a collision for the public key below, the QR will probably not be possible to fake properly (and they would easily change it in new versions too!).

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AY0/6cxMwi+i1u5f/m8 H91vvhQAQfUdPJjqSuerN9sjOzt6hD/8iUq0fELh4ZkES1YUf+ygzfWdewIRRNsn YXQcWEY02wPelqxmzWv1JPskCgKwkNPpiFxO8phLnJTts9xRwLDs2W2Y0zrf7EWD tpHaTuDASy8ipMo9fect7t3epN48A2//K9iA1y+5e0bUtxRba2lVf6x7VBMbXlrx qsjaeC72J1mjs3flGGoINhHtVZF6g4YhJkRAhqX2IsNPRJa6yRCKXKm2anDeFoLI BtgIym6oERdTtUAWK05U1ozgjC24mOIIpqQOAqdvatq0dhFRWPL2hBjoJwc8JxHN

VwIDAQAB

-----END PUBLIC KEY-----

The above is the current public key found by specialists in the Polish app by decoding it. I don't know how it is in the rest of the EU, but probably that would be somehow compatible, maybe even using the same keys.

Recipe:

Encrypt with the private key (unknown) data in the format:

12345678;1;27-01-2021;Name;X;15-12;27-01-2022;10

Where: 12345678 is "vaccine" number (id),

1 is "resource version" (immunization),

dates are "vaccination" dates,

Name is Name,

15-12 is example birth date without year.

X is Surname first char.

10 is probably one of "vaccine" types.

Write the version of the app encoding as a number (now 1), then ";", then the encrypted data encoded using base64. Encode into a QR code.

Simply, the main problem for forging it better is the private key, or generating a collision on it.

Probably some codes for now would be vulnerable, if someone has the same name and first letter of surname, by simply copying that shit from a "vaccinated" person, but anyway this shit would be more problematic than those CDC cards in the USA :(
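The checking side of the layout described in the post, as an added example that is not part of the original post and not the app's code: it shows that a verifier needs only the public key, and that a copied code still has to be compared with the holder's ID. Assumptions: the key is a constructed toy key (two Mersenne primes), not the key quoted above; the field labels are hypothetical; the private-key operation is assumed to use PKCS#1 v1.5 block type 1.

```python
import base64

# Constructed toy key, NOT the key quoted in the post: two Mersenne primes,
# chosen only so the example runs offline. Never use such a key for real.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, used only for the sample
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# Hypothetical labels for the eight positions the post lists.
FIELDS = ("id", "resource_version", "date_1", "name",
          "surname_initial", "birth_day_month", "date_2", "type")

def make_sample(payload: bytes) -> str:
    """Constructed test input: type-1 padded block, private-key op, base64."""
    em = b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload
    sig = pow(int.from_bytes(em, "big"), D, N)
    return "1;" + base64.b64encode(sig.to_bytes(K, "big")).decode()

def verify(code: str) -> dict:
    """Public-key check of '<version>;<base64>'; raises ValueError on failure."""
    version, _, blob = code.partition(";")
    if version != "1":
        raise ValueError("unsupported version")
    raw = base64.b64decode(blob, validate=True)
    sig = int.from_bytes(raw, "big")
    if len(raw) != K or sig >= N:
        raise ValueError("wrong signature length")
    em = pow(sig, E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)          # end of the 0xFF padding run
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep].strip(b"\xff"):
        raise ValueError("signature check failed")
    parts = em[sep + 1:].decode("utf-8").split(";")
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected field count")
    return dict(zip(FIELDS, parts))

def matches_holder(fields: dict, name: str, surname: str, birth_day_month: str) -> bool:
    """A valid signature proves issuance only; compare the fields with an ID document."""
    return (fields["name"] == name
            and surname.startswith(fields["surname_initial"])
            and fields["birth_day_month"] == birth_day_month)
```

A code whose bytes were altered fails in `verify`; an unaltered code presented by someone else passes `verify` and is caught only by `matches_holder`.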

Comments (8)
krzyzowiec 6 points ago +6 / -0

I don't know how it is in the rest of the EU, but probably that would be somehow compatible, maybe even using the same keys.

No it’s worse than that.

Each issuing body (e.g. a hospital, a test centre, a health authority) has its own digital signature key. All of these are stored in a secure database in each country.

It is compatible because the EU has a gateway that all countries can use for verification.

They also do not decrypt the data for verification.

For verification purposes, only the validity and authenticity of the certificate is checked by verifying who issued and signed it. All health data remains with the Member State that issued an EU Digital COVID Certificate.

There is no good technical solution to this problem. Europeans have to want freedom more than security. Same with us Americans really. The nice thing about our country is that the people are still fairly rebellious and it is difficult to impose anything on all of us.

In the South we are already pretending like nothing happened and life is back to normal. They probably want us to get vaccine cards but the virus is boring now. Nobody cares anymore.

OperationCatSpeed 6 points ago +6 / -0

Bingo. The solution to all the EUs is what we've known since 1776...

BECOME UNGOVERNABLE

muslimporn 3 points ago +3 / -0

There's a simple solution to this but you're not going to like it.

What gives COVID-19 power? It kills people.

How many people will COVID-19 kill if you don't do what it wants?

If you unite together you can kill as many people.

Then the government has to do what you say.

PermaHandshake 2 points ago +2 / -0

Yup. Power hasn't changed ever in human history. There is only one sure thing when it comes to power, force.

mvrak 1 point ago +1 / -0

It honestly will only take a freedom loving tech worker to leak a private key, and then legitimate copies will be made. If none of them ever work for the system...

OrangePill 1 point ago +1 / -0

There's almost always a way at least eventually, and rushed things like this lead to more ability for leaks and mistakes. Intel lost the HDCP master keys because a vendor accidentally left them on an open FTP server that someone happened to run across.

Trick is will someone find a flaw in the next few weeks or will it take years where at that point it's pointless. No doubt a number of white and black hats are going to be poking at this, surely for the black hats (although maybe in this case white) there would be financial incentive to break it for people wanting alternative documentation.

For sure though it takes a large amount of hubris on part of these "leaders" to think you can make something that's going to work across multiple countries, and implemented multiple places without having some critical flaws, but I suppose the point is control, not whether it actually works in practice.

morelikeaduck 1 point ago +1 / -0

Remember, a chain is only as strong as its weakest link.

They can encrypt their "covid passports" as much as they like, but I'm sure millions of businesses will look the other way when an unvaccinated person comes in to make a purchase. And the best thing is, no one will know what happened.

mvrak 1 point ago +1 / -0

I keep hearing about health professionals that are giving pretend vaccinations. Unfortunately that splits the resistance community.