sikerdebaard / coronacheck-tools Goto Github PK

Dear Sikerdebaard,

We've been implementing the code and get data. Nice!

Question i have is how to analyse the output.

Fields validFrom and validForHours seem to be incomprehensible to us. How should we analyse the contents of these fields?

What determines if a person is "green" or "red"?

Thanks for asssisting!

Mark

cv2 is a bit heavy for the limited image processing tasks done by this library. Migrating cv2 to Pillow would make this library a lot faster to install on systems where cv2 wheels aren't necessarily available. E.g. some linux arm systems.

Running the upgrade command on windows 10:
pip3 install coronacheck-tools --upgrade

Upgrade failes with the following error:

Collecting numpy==1.19.3
        Using cached numpy-1.19.3.zip (7.3 MB)
        Installing build dependencies: started
        Installing build dependencies: finished with status 'done'
        Getting requirements to build wheel: started
        Getting requirements to build wheel: finished with status 'done'
        Preparing metadata (pyproject.toml): started
        Preparing metadata (pyproject.toml): finished with status 'error'
        error: subprocess-exited-with-error

        Preparing metadata (pyproject.toml) did not run successfully.
        exit code: 1

        [267 lines of output]
        setup.py:67: RuntimeWarning: NumPy 1.19.3 may not yet support Python 3.10.
          warnings.warn(
        Running from numpy source directory.
        setup.py:480: UserWarning: Unrecognized setuptools command, proceeding with generating Cython sources and expanding templates

× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> [307 lines of output]
Ignoring numpy: markers 'python_version == "3.6" and platform_machine != "aarch64" and platform_machine != "arm64"' don't match your environment
Ignoring numpy: markers 'python_version >= "3.6" and sys_platform == "linux" and platform_machine == "aarch64"' don't match your environment
Ignoring numpy: markers 'python_version >= "3.6" and sys_platform == "darwin" and platform_machine == "arm64"' don't match your environment
Ignoring numpy: markers 'python_version == "3.7" and platform_machine != "aarch64" and platform_machine != "arm64"' don't match your environment
Ignoring numpy: markers 'python_version == "3.8" and platform_machine != "aarch64" and platform_machine != "arm64"' don't match your environment

I am unable to run the project is all available systems I have. I guess I am doing something very simple wrong, but I don't know what. Is there somewhere a baseguide to install and run python in WSL or Windows?

Thanks in advance!

Hey,

As there's now 23 keys that have been added to deny-list, I would like to see a update to this.
Any idea how we could streamline adding newly denied QRs?

It seems like the package is dependent on:
libGL.so.1 & zbar which, in my case, could be solved by:

sudo apt-get install libgl1-mesa-glx zbar-tools

Hi,

Ik krijg de error: Code is invalid Could not verify domestic QR code: Could not verify v2 proof: Invalid proof.

Is dit iets wat ik zelf verkeerd doe of is er ondertussen iets gewijzigd waardoor de code niet helemaal meer accuraat is?

Hey there,

Thanks for your cool repo about seeing what's inside the QR code! Really interesting stuff.
I was wondering what the c, a, eResponse, vResponse and aResponse fields mean. They seem to be still encoded? What is in this fields? They seem to change with every QR code too. Is there a page where I can find more information about this?

Thanks for any help :)

Greetings,
I am trying to develop a tool similar to yours, but in Java. The problem is that I don't understand how you perform the verification process. I have done many tests with your tool and I see that it works correctly (even offline, necessary part for my project), but I do not understand the verification process.... I have been able to verify that if any change is made to any of the variables in the generated json ("disclosureTimeSeconds", "c", "a", "eResponse", "vResponse", "aResponse" or "aDisclosed"), the program detects that it is invalid code, but I don't understand the process it follows to reach that conclusion and I need to replicate it in Java.
If you could guide me about the path it follows to perform the checks I would be very grateful.

Regards.

There seems to be a minor decoding issue with the current app (from RAW and QR): "birthMonth": "\u0000"

Full raw or QR code can be supplied in private.

it seems to run into this problem

  'NoneType' object is not subscriptable

  at /usr/local/lib/python3.9/site-packages/coronacheck_tools/verification/mobilecore.py:37 in validate
       33│         return False, result['Error']
       34│ 
       35│     result = result['Details']
       36│ 
    →  37│     if result['credentialVersion'] == '1':
       38│         # if this field is set to 1 it is actually a european EHC
       39│         result['isEHC'] = True
       40│         result['isDHC'] = False
       41│     else:```

In de officiele scanner app is nu in de config file een proofIdentifierDenylist opgenomen waarmee kennelijk de geldigheid van individuele qr codes uitgeschakeld kan worden. Kan deze 'ProofIdentifier' ook met deze tools geprint worden?

minvws/nl-covid19-coronacheck-idemix@21fbb94

ValueError

invalid literal for int() with base 10: ''

  at c:\users\aziz\appdata\local\programs\python\python39\lib\site-packages\coronacheck_tools\verification\mobilecore.py:59 in _ensureconfig
      55│     timestamp_file = confdir / 'timestamp'
      56│
      57│     if timestamp_file.exists():
      58│         with open(timestamp_file, 'r') as fh:
    → 59│             timestamp = datetime.utcfromtimestamp(int(fh.read()))
      60│
      61│         now = datetime.utcnow()
      62│         if timestamp >= now - timedelta(hours=24):
      63│             # no need to refresh the config

I'm thinking of developing a REST API around this library. This could then be utilized to run the official MinVWS mobilecore verifier through this library on devices like ticket terminals. For offline requirements, e.g. festivals, this library + configs could be preloaded and refreshed once every x-days. For online devices a SaaS API could be utilized with a pay-as-you-go type subscription.

Would there be interest in such a thing? What requirements would you have for this?

For example if the library would be able to read the MRZ and/or NFC of an identity card / passport and automatically verify this with the information on the QR code would that be enough or would it still be necessary for a person to verify the ID proof? Of course there would need to be a fallback for unreadable ID proof but I think this could save some time as you would probably need less staff.

Would it be interesting to check if certain QR codes have been used more than once in your venue? There's a unique token in the domestic QR that could be utilized for this. This won't work if a person generated multiple QR codes but at the very least you could utilize it to see if a specific QR code has been scanned a suspicious number of times.

Are there analytics that might be useful? E.g. how many paper or app QR codes have been scanned or how many domestic or EHC codes? Is it allowed to gather such analytics?

The encryption part of this qr code seems to use IRMA. It looks like the mobile Android and iOS app use a library called Gabi for this.

This struct seems to be populated based on records from the deserialized ASN.1 data. This data is then somehow magically mixed in this function by Gabi which then somehow proves that the data is valid or not.

I'm not sure how to tackle this in Python. This stuff seems pretty bleeding edge and I'm not sure if this can be implemented with encryption primitives from e.g. libs like cryptography or openssl.