Scanning Austrian testing and vaccination certificate fails with signature error
Describe the bug
I scanned two certificates issued by the Austrian health portal https://gesundheit.gv.at
- One for a rapid-test I took 2 hours ago and
- one for a vaccination done two weeks ago.
Yes I know, the cert for the vaccination is still invalid, because it was only two weeks ago. But the validation does not fail because of the date, but because the signature can’t be verified.
The validation of the test-certificate also failed with the error message “Verification Failed”.
I did a bit of debugging. I can see that the QR code is correctly decoded, i.e. information like my name and information about the test/vaccine are correct. But the following lines of code return an error (VerificationViewModel.kt, line 109):
val certificates = verifierRepository.getCertificatesBy(kid.toBase64())
if (certificates.isEmpty()) {
    Timber.d("Verification failed: failed to load certificate")
    return@withContext
}
I.e., getCertificatesBy(kid) does return an empty collection.
Expected behaviour
- The rapid-test should be accepted (it shows up ok on the official Austrian verification webapps https://qr.gv.at and https://greencheck.gv.at)
- The vaccination should be marked as invalid, but not because of a signature failure, but because of the date.
Steps to reproduce the issue
Scan an Austrian certificate
Technical details
HTC U11 life running Android 10, compiled with latest Android Studio on Windows 10
Additional Information
That should be the certificate used for verification in https://qr.gv.at
I also tested the QR Codes from the testdata repository with the official Austrian webapps. They can’t be verified …
Top GitHub Comments
Hello,
I was able to validate official test and vaccination certificates with the above certificate
-----BEGIN CERTIFICATE----- MIIB7zCCAZagAwIBAgIKAXnM+L47fmBcezAKBggqhkjOPQQDAjBEMQswCQYDVQQG EwJBVDEPMA0GA1UECgwGQk1TR1BLMQwwCgYDVQQFEwMwMDExFjAUBgNVBAMMDUFU IERHQyBDU0NBIDEwHhcNMjEwNjAyMTM0NTI0WhcNMjMwNjAyMTM0NTI0WjBGMQsw CQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMQ8wDQYDVQQFEwYwMDEwMDExFTAT BgNVBAMMDEFUIERHQyBEU0MgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGBN uKiCpnXH0VlIdk6pJZH2ep8jQaV+FR3izMXxZfK5EPGZLtG3Jx+TmV3JJErfrSrP hRmfbSidVbTQ5nnZS+ujbjBsMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUNs2s mrjBhuR5Bqxl6teE1x1o2ycwHwYDVR0jBBgwFoAUHyKsHGUWKbTBmLNjb7/dCZ27 e3swGgYDVR0QBBMwEYEPMjAyMTEyMTYxNDQ1MjRaMAoGCCqGSM49BAMCA0cAMEQC IDjXHnyzq3sTisMX1uY8xQ2ZqCRL2xmxtYOPhSZ9ZacYAiAqHUMOC7WNgq4h28n3 1WLc1mMPAYauWslSEwnXC79AGw== -----END CERTIFICATE-----
The kid for this certificate is the required id “Is2JtrOJhik=”.
Please add this to your certificate server.
Regards, Thomas.
Closing issue as it is about distributing keys, not app functionality
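
The kid lookup discussed in this thread, as an added Python example (not code from the verifier app or from any commenter): it derives a kid the way the EU DCC specification defines it (first 8 bytes of the SHA-256 over the DER-encoded signing certificate, base64-encoded) and reports a missing trust-list entry separately from a bad signature. The names `kid_from_der`, `build_trust_store`, `check_signer`, `Result` and the `signature_ok` callback are hypothetical, and the byte strings are constructed placeholders, not real certificates.

```python
import base64
import hashlib
from enum import Enum


class Result(Enum):
    OK = "signature verified"
    UNKNOWN_SIGNER = "no trusted certificate for this kid"
    BAD_SIGNATURE = "signature does not match any certificate for this kid"


def kid_from_der(der_cert: bytes) -> str:
    """kid = first 8 bytes of SHA-256 over the DER-encoded DSC, base64-encoded."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()[:8]).decode("ascii")


def build_trust_store(der_certs):
    """Index the trust list by kid; several certificates may share one kid."""
    store = {}
    for der in der_certs:
        store.setdefault(kid_from_der(der), []).append(der)
    return store


def check_signer(kid_b64, store, signature_ok):
    """Look up the signer and report why verification failed.

    signature_ok(der_cert) is a caller-supplied callback (hypothetical here)
    that runs the real COSE signature check against one certificate.
    """
    candidates = store.get(kid_b64, [])
    if not candidates:
        # Key distribution problem: the issuer's certificate is not in the list.
        return Result.UNKNOWN_SIGNER
    if any(signature_ok(der) for der in candidates):
        return Result.OK
    return Result.BAD_SIGNATURE


# Constructed placeholder bytes standing in for DER certificates (not real DSCs).
TRUSTED = [b"constructed-dsc-country-A", b"constructed-dsc-country-B"]
STORE = build_trust_store(TRUSTED)

if __name__ == "__main__":
    known = kid_from_der(TRUSTED[0])
    print(check_signer(known, STORE, lambda der: der == TRUSTED[0]).value)
    # The kid quoted in the thread is absent from this constructed store.
    print(check_signer("Is2JtrOJhik=", STORE, lambda der: True).value)
```

Surfacing `UNKNOWN_SIGNER` as its own outcome lets an operator tell an incomplete trust list apart from a tampered code, which the generic “Verification Failed” message does not.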