Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Scanning Austrian testing and vaccination certificate fails with signature error

See original GitHub issue

Describe the bug

I scanned two certificates issued by the Austrian health portal https://gesundheit.gv.at

  • One for a rapid-test I took 2 hours ago and
  • one for a vaccination done two weeks ago.

Yes I know, the cert for the vaccination is still invalid, because it was only two weeks ago. But the validation does not fail because of the date, but because the signature can’t be verfied.

The validation of the test-certificate also failed with the errormessage “Verification Failed”

I did a bit of debugging. I can see, that the QR code is correctly decoded, ie information like my Name and information about the test/vaccine are correct. But the following lines of code return an error (VerifcationViewModel.kt, line 109)

val certificates = verifierRepository.getCertificatesBy(kid.toBase64())
if (certificates.isEmpty()) {
    Timber.d("Verification failed: failed to load certificate")
    return@withContext
}

Ie, getCertificatesBy(kid) does return an empty collection.

Expected behaviour

  • The rapid-test should be accepted (it shows up ok on the official austrian verification webapps https://qr.gv.at and https://greencheck.gv.at)

  • The vaccination should be marked as invalid, but not because of a signature failure, but because of the date.

Steps to reproduce the issue

Scan an austrian certificate

Technical details

HTC U11 life running, Android 10, compiled with lastest Android Studio on Windows 10

Additional Information

That should be the certificated used for verification in https://qr.gv.at

-----BEGIN CERTIFICATE-----
MIIB7zCCAZagAwIBAgIKAXnM+L47fmBcezAKBggqhkjOPQQDAjBEMQswCQYDVQQG
EwJBVDEPMA0GA1UECgwGQk1TR1BLMQwwCgYDVQQFEwMwMDExFjAUBgNVBAMMDUFU
IERHQyBDU0NBIDEwHhcNMjEwNjAyMTM0NTI0WhcNMjMwNjAyMTM0NTI0WjBGMQsw
CQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMQ8wDQYDVQQFEwYwMDEwMDExFTAT
BgNVBAMMDEFUIERHQyBEU0MgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGBN
uKiCpnXH0VlIdk6pJZH2ep8jQaV+FR3izMXxZfK5EPGZLtG3Jx+TmV3JJErfrSrP
hRmfbSidVbTQ5nnZS+ujbjBsMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUNs2s
mrjBhuR5Bqxl6teE1x1o2ycwHwYDVR0jBBgwFoAUHyKsHGUWKbTBmLNjb7/dCZ27
e3swGgYDVR0QBBMwEYEPMjAyMTEyMTYxNDQ1MjRaMAoGCCqGSM49BAMCA0cAMEQC
IDjXHnyzq3sTisMX1uY8xQ2ZqCRL2xmxtYOPhSZ9ZacYAiAqHUMOC7WNgq4h28n3
1WLc1mMPAYauWslSEwnXC79AGw==
-----END CERTIFICATE-----

I also tested the QR Codes from the testdata repository with the official austrian webapps. They can’t be verfied …

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:8

github_iconTop GitHub Comments

2reactions
justremotephonecommented, Jun 23, 2021

Hello,

I was able to validate official tests and vaccinations certificates with the above certificate

-----BEGIN CERTIFICATE----- MIIB7zCCAZagAwIBAgIKAXnM+L47fmBcezAKBggqhkjOPQQDAjBEMQswCQYDVQQG EwJBVDEPMA0GA1UECgwGQk1TR1BLMQwwCgYDVQQFEwMwMDExFjAUBgNVBAMMDUFU IERHQyBDU0NBIDEwHhcNMjEwNjAyMTM0NTI0WhcNMjMwNjAyMTM0NTI0WjBGMQsw CQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMQ8wDQYDVQQFEwYwMDEwMDExFTAT BgNVBAMMDEFUIERHQyBEU0MgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGBN uKiCpnXH0VlIdk6pJZH2ep8jQaV+FR3izMXxZfK5EPGZLtG3Jx+TmV3JJErfrSrP hRmfbSidVbTQ5nnZS+ujbjBsMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUNs2s mrjBhuR5Bqxl6teE1x1o2ycwHwYDVR0jBBgwFoAUHyKsHGUWKbTBmLNjb7/dCZ27 e3swGgYDVR0QBBMwEYEPMjAyMTEyMTYxNDQ1MjRaMAoGCCqGSM49BAMCA0cAMEQC IDjXHnyzq3sTisMX1uY8xQ2ZqCRL2xmxtYOPhSZ9ZacYAiAqHUMOC7WNgq4h28n3 1WLc1mMPAYauWslSEwnXC79AGw== -----END CERTIFICATE-----

The kid for this certificate is the required id “Is2JtrOJhik=”.

Please add this to your certificate server.

Regards, Thomas.

0reactions
chrlochcommented, Jun 29, 2021

Closing issue as it is about distributing keys, not app functionality

Read more comments on GitHub >

github_iconTop Results From Across the Web

The EU Digital COVID Certificate, vaccinations and travel ...
The EU Digital COVID Certificate system covers 3 different types of COVID-19 certificate: a vaccination certificate,; a test certificate,; a certificate of ...
Read more >
Israel's Green Pass PDF Vaccination Certificate ... - iText
The recent example of Israel's Green Pass is a reminder how important digital signatures are for secure PDF documents.
Read more >
COVID Certificates: common problems and solutions
If your vaccination details have not been shared with RIVM and you were not vaccinated by the GGD. Contact the care provider who...
Read more >
Frequently asked questions on the applications čTečka and ...
The electronic signature of the certificate cannot be verified – see the following question; The certificate is invalid – revoked – the certificate...
Read more >
NovidChain: Blockchain‐based privacy‐preserving platform ...
This article explores a promising solution for secure Digital Health Certificate, called NovidChain, a Blockchain‐based privacy‐preserving ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Validation app crashes when COBR datetime field is taged with 0 tag

Next page

Unable to build