What happens behind the scenes when an EU COVID-19 vaccine certificate gets scanned?

9/16/2021 8:21:59 PM

The Certificate functions as follows:

  1. The EU Digital COVID Certificate contains a QR code with a digital
    signature to protect it against falsification.
  2. When the certificate is checked, the QR code is scanned and the
    signature verified.
  3. Each issuing body (e.g. a hospital, a test centre, a health
    authority) has its own digital signature key. All of these are
    stored in a secure database in each country.
  4. The European Commission has built a gateway through which all
    certificate signatures can be verified across the EU. The personal
    data of the certificate holder does not pass through the gateway, as
    this is not necessary to verify the digital signature. The European
    Commission also helped Member States to develop national software
    and apps to issue, store and verify certificates and supported them
    in the necessary tests to on-board the gateway.

Source

The specifications have all been published on GitHub.

9/16/2021 4:20:16 PM

Given that the check also works offline (just tested it myself with the CovPass Check app), there cannot be any requests to any server. However, what the QR code includes is data about the person (name and date of birth), as well as the information on whether the vaccination is complete (at least for the digital certificate issued in Germany). That data is most likely signed with a private key from the issuer, and this signature can then be validated with a public key that's part of the check app. This process doesn't require any internet connection (the process of creating the QR code requires it, since it has to be generated by the holder of the private key).

Credit: stackoverflow.com
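The offline check described in the answers above, as an added example that is not part of the original answers or of any official verifier app. It assumes ECDSA P-256 over SHA-256 and a plain struct in place of the real QR encoding; the names `Certificate`, `TrustList`, `NewIssuerKey`, `Issue` and the key ID `issuer-1` are hypothetical, and the holder data is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Certificate is a simplified stand-in for the signed QR payload (assumed layout).
type Certificate struct {
	KeyID     string // tells the verifier which issuer key to use
	Payload   []byte // holder data: name, date of birth, vaccination status
	Signature []byte // ASN.1 ECDSA signature over SHA-256(Payload)
}

// TrustList is the set of issuer public keys shipped inside the verifier app.
type TrustList map[string]*ecdsa.PublicKey

// NewIssuerKey creates the private key that never leaves the issuing body.
func NewIssuerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Issue signs the payload; this is the only step that needs the private key.
func Issue(keyID string, priv *ecdsa.PrivateKey, payload []byte) (Certificate, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return Certificate{KeyID: keyID, Payload: payload, Signature: sig}, err
}

// Verify uses only the scanned data and the local trust list: no network call.
func (t TrustList) Verify(c Certificate) error {
	pub, ok := t[c.KeyID]
	digest := sha256.Sum256(c.Payload)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], c.Signature) {
		return fmt.Errorf("unknown issuer key or invalid signature")
	}
	return nil
}

func main() {
	priv, _ := NewIssuerKey() // error ignored for brevity in this demo
	trust := TrustList{"issuer-1": &priv.PublicKey}
	cert, _ := Issue("issuer-1", priv, []byte(`{"name":"Jane Doe","dob":"1990-01-01","doses":"2/2"}`))
	fmt.Println("genuine: ", trust.Verify(cert))
	cert.Payload = []byte(`{"name":"John Roe","dob":"1990-01-01","doses":"2/2"}`)
	fmt.Println("tampered:", trust.Verify(cert))
}
```

Because the personal data is covered by the signature, changing any byte of the payload makes the check fail, and a certificate signed by a key that is not in the local trust list is rejected the same way.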
