Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Invalid QR code gets validated
See original GitHub issueDescribe the bug
Scanning the following QR code (sorry for the profanity included, it’s how I found it from here) results in a positive result.
HC1:NCFOXN%TSMAHN-H/RCMPQ5GE5I00H9GBH3QNAD6.LQLX85ZS GJTSJ4NKP1HCV4*XUA2PSGH.+H$NI4L6F$S-N1FYBRR1$Q1+GOF+P$HQPHQHTQ.SQ6$PUKRN95404.W7UX4795L*KDYPWGO+9AZDOHCRL35IWMSDOP7OQ+M70AK$8 96XY4SBLU96:/6N9R%EPL8RY9DOA60-K.IA.C8KRDL4O54O4IGUJKJGI0JAXD15IAXMFU*GSHGRKMXGG6DBYCBMQN:HG5PAHGG8KES/F-1JW-K%B3A9ENO4B-S-*O4-G1FD/U47HAE1MI4OE0G1:HHD4AB874MM-6B:HKJSQ.TAG3CR1638W9AV88G64PB4VHRY2EK03NFJL4M10KP3AT2VK LT5GGFV85I0*10W2ZXJSBTMFW*+KM2T8-CXR32BMF7RAEAYKMWHE/NH UP4SNGENEWUY97 -3YM0.HAM:D:00ZY35XRT1100MFKWEWYHKCZIZJ0CAQYIKOZIZJ0DAQCDQGAE62ORR7HL0POYQCGMGBBEQFCBCDCT4VYFQZEPYFXK69ZRV9T8IY6NWAYEJF0VXVKNFCG/X9UIG5HFWRPEDW2EPW00S1K83I3900:919FUCKYOUALLGPSUPPORTERS9IKM24N21AW7ZUR2L013300EUISGOEINGDOWNNAZZYFUCKERS666I3AK96XYR01300STOREMYCODEMUTHERFUCKERANDGOTOHELLI5340XRT09SHUZVB33IR0IPUTAVIRUSHERE83H73KFI280I23KL0YRZT91Y0WITHLOVEFROMHA1*PWEOXCI/QXRLOZKN0LM*03I2RWT0Z
Expected behaviour
QR Code isn’t validated
Steps to reproduce the issue
- Scan QR code from above
- Pass is validated, even though the QR Code doesn’t represent a valid certificate (not even a valid base45 message, AFAIK)
Technical details
Probably a parsing issue. Only happens w/ VerificaC19 (Swiss Covid App + corona-decoder) are fine with this specific QR.
One user reports that with a slightly modified QR the Swiss Covid app is affected too.
Possible Fix
Validation must be checked + tested
Additional context
Found on https://github.com/ehn-dcc-development/hcert-spec/discussions/105#discussioncomment-1573490.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:6
- Comments:12
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi we have already released VerificaC19 1.1.7 which integrates a EU core lib fix : https://github.com/eu-digital-green-certificates/dgca-app-core-android/commit/8c2872b77efb98c61c4f13fb5bdc6a1edff99716
thank you for your support
Hello @denysvitali
VerificaC19 uses the default implementation of EU DGC core decoder for such operations.
The latest EU DGC core decoder updates fix some base45decoder issues (bugfix commit).
By using the updated core decoder, the first QR code - based on AD 1.0.0 Full Vaccination testdata signed with keys from the DCC ACC environment (check here) - gets detected as NOT VALID.
I’ve built a test-release 1.1.6 of VerificaC19 with the current updates (available here) if you want to use it for your checks.
The second QR code (BRANDENBURGTEST BERND 01/01/1950) gets detected instead as valid using the current code for verifier-app + DGC-SDK (develop branches) & EU DGC core + certlogic.