25

There is a QR code which I think gets translated into an ID. How does that ID get checked? Is there a request to a common EU database with Switzerland and UK?

Peter Mortensen
Travel guy

2 Answers

47

The Certificate functions as follows:

  1. The EU Digital COVID Certificate contains a QR code with a digital signature to protect it against falsification.
  2. When the certificate is checked, the QR code is scanned and the signature verified.
  3. Each issuing body (e.g. a hospital, a test centre, a health authority) has its own digital signature key. All of these are stored in a secure database in each country.
  4. The European Commission has built a gateway through which all certificate signatures can be verified across the EU. The personal data of the certificate holder does not pass through the gateway, as this is not necessary to verify the digital signature. The European Commission also helped Member States to develop national software and apps to issue, store and verify certificates and supported them in the necessary tests to on-board the gateway.

Source

The specifications have all been published on GitHub.

Krist van Besien
34

Given that the check also works offline (just tested it myself with the CovPass Check app), there cannot be any requests to any server. However, what the QR code includes is data about the person (name and date of birth), as well as the information if the vaccination is complete (at least for the digital certificate issued in Germany). That data is most likely signed with a private key from the issuer, and this signature can then be validated with a public key that's part of the check app. This process doesn't require any internet connection (the process of creating the QR code requires it, since it has to be generated by the holder of the private key).

dunni
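The offline check described in the answers above, as an added example that is not part of the original posts or of any official verifier app: the verifier carries a local list of issuer public keys, looks up the key named in the certificate and checks the signature without any network request. Toy textbook RSA on small constructed keys stands in for the real signature algorithm, and the key IDs, field names and sample person are assumptions made for illustration.

```python
import hashlib
import json

def make_key(p, q, e=65537):
    # Toy textbook RSA key from two known primes (no padding, illustration only).
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(payload, n):
    # Canonical JSON so that issuer and verifier hash identical bytes.
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(payload, kid, key):
    # Issuer side: needs the private exponent d, so it happens at the issuing body.
    sig = pow(digest(payload, key["n"]), key["d"], key["n"])
    return {"kid": kid, "payload": payload, "sig": sig}

def verify_offline(cert, trust_list):
    # Verifier side: only public keys shipped with the app, no server request.
    pub = trust_list.get(cert["kid"])
    if pub is None:
        return "unknown issuer"
    n, e = pub
    if pow(cert["sig"], e, n) != digest(cert["payload"], n):
        return "bad signature"
    return "valid"

# Constructed keys built from Mersenne primes; far too small for real use.
ISSUER = make_key(2**127 - 1, 2**107 - 1)
ROGUE = make_key(2**89 - 1, 2**61 - 1)

# Trust list bundled with the check app: key ID -> public key (n, e).
TRUST_LIST = {"DE-issuer-1": (ISSUER["n"], ISSUER["e"])}

# Constructed sample certificate content.
PAYLOAD = {"name": "Erika Mustermann", "dob": "1964-08-12",
           "vaccination_complete": True}
CERT = issue(PAYLOAD, "DE-issuer-1", ISSUER)

if __name__ == "__main__":
    print(verify_offline(CERT, TRUST_LIST))
```

Editing any field of the payload, or signing with a key that is not in the trust list, makes `verify_offline` reject the certificate, which is why the verifier never needs to look the holder up in a database.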