The aim of this project is to let a user scan an EU Digital COVID Certificate with their smartphone, and generate a Wallet-pass, without any data stored on a remote server.

We are deploying a stable-ish version online so you can try it out. Better used on your iPhone but also works on Android and your mac. If you spot any bugs, please reach us here or on social media 😃 . You can also browse the open issues to see if we already spotted that bug. And if you have any improvement idea, it's also possible to send us your feature requests.

It's released under the NoHarm license and the source code is available on Github.

Background Story

Since EU Digital COVID certificates launched in Luxembourg, there is no application to store your certificate digitally. You can go online and download a PDF or use the grayscale version you got by snail mail.

Using an application to store those sensitives information can also be an obstacle to privacy conscious people.
That's why I came off with the idea of simply using something that does not require installing another piece of software and already handles my credit cards securely: Apple Wallet.

Ok, so, how to do that correctly? Since I don't like spying or fear of it from users, everything possible had to occur on the device itself, including especially:

  • Reading the QRCode & decoding it
  • Extracting information from it
  • Generating a Wallet-compatible pass file

Apple has designed their Wallet-passes (the format of the little cards you put in your Apple Wallet) in a way to be very secure. So they need to be signed to be visible in the Apple Wallet app, and we have to sign a digest of your data, not the data itself. We have implemented this feature through a simple web service which signs the digests in memory.

To be able to correctly analyse the content of the QR-code, I reused the Europe eHealth Network Digital Covid Certificate Payload.


Discussions

Discussion entre l'organisation et la communauté à propos de ce jeu de données.