Quote:
Originally Posted by calgarywinning
If all the data is not encrypted, you would simply convert the QR code to it's text string. Compare where the valid generated key is and copy and paste into a new text string with a valid code and your personals. So you would need a valid QR code (say from a family member), not self generation as in the article (which is a very good read).
If all the data is encrypted, then you would need the public key to reverse engineer.
So if you were collecting unencrypted data, it would be interesting to see how complicated the governments algorithm was for generating the private key.
|
But the signature is generated based on the information in the records, and modifying the records in any way (e.g. putting your own info into someone else's record) invalidates the signature.
Quote:
|
With respect to patient privacy, note that when a SMART Health Card is issued, it is cryptographically signed by the Issuer. This means that the contents, including the FHIR Bundle, cannot be changed without invalidating the signature.
|
https://build.fhir.org/ig/HL7/fhir-shc-vaccination-ig/
Here's more info:
https://github.com/dvci/health-cards...%20Cards.ipynb