Quote:
Originally Posted by opendoor
That's not correct. The government app absolutely can authenticate the validity of the QR code without relying on connecting to a database. The QR codes use asymmetric cryptography where every issued QR code is signed using a private key, and the public key (used in the app) can be used to verify that it's genuine. So they can't be altered in any way, or they would fail the signature check when scanned.
|
The personal crypto key is completely visible as a data point in the QR barcode. Then I see what you mean about the public key. So my bad. However:
A QR-code is just text. You can encrypt text with your preferred encryption mechanism. Then transform this text into an QR-code. The clue is, that you will need a reader and writer for de- and encryption. The biggest problem ist the size of the text and the resultig size of the QR-code. Encryption enlarges texts a lot.
So lets work through this. Does the public key unlocks a CHECKSUM only, verifying it is a legitimate QR or does it "unlock the personal information" encoded in, such as name, birth date and vac dates, double or single dose". Is the personal data not encrypted in the bar code and just the CHECKSUM? I guess this would happen on end to end encryption as well. I'd be extremely curious about this process.
However, I'm not sure if you had seen Alberta's first version of the vaccine passport which is much like a health card of basic printed data?