Connect with us

Publications

How to Decode Your Own EU Vaccination Green Pass With a Few Lines of Python

Published

on

image

Tobias Schlottke Hacker Noon profile picture

@tobschTobias Schlottke

Founder of alphalist – a leading network of CTOs.

The EU Vaccination passport has arrived! The company UBIRCH has worked around the clock for the past few weeks to ensure millions of Germans were able to enjoy a summer of free movement.

The vaccination certificate looks like a simple QR code on paper yet a lot of technology went into making sure to secure the personal data, make it accessible to only authorized users, and also hard to fake. 

In a podcast geared towards CTOs, Matthias Jugel, the CTO of UBIRCH shared what went into the technology and explained how to simply decode the content of the QR-Code.

The EU Vaccine Program

The German vaccination pass is based on the protocols defined by the European Union regarding vaccine certificates for its member states. 

When you get your shot you create a little dataset which contains your personal information, your name, and your birth date, for example, and also some information about the actual vaccination: the manufacturer; product id of the shot; the date when you got your shot and which shot in a series of doses.

The EU also has protocols on how this data set should be handled. It needs to be put into a binary representation which is then signed using a cryptographic key material. Anyone with the public key can now verify that it’s authentic.

This binary representation  is then compressed and encoded into base-45- which is known to be very efficient in combination with QR codes. The base-45 text representation is then put into a QR code which is printed and has your code and your pass. The complete chain is: base45 > zlib > COSE object -> CBOR

This method is different from a JW token because it’s a bit smaller. A JWT is encoded base-64, purely text-based and it’s not compressed in itself. This means it cannot contain as much information in the same amount of data basically so it’s very big in the end.

Still, someone has to take care of converting the dataset into a signed piece of data. Therefore, UBIRCH provides a service in which they receive the data, transform it, sign it, and then hand back something that can be either printed in a QR code or printed as a PDF document. This is all done through the vaccination centers.

Decoding your own Green Pass

Even though legally only authorised personnel should be checking the contents of the QR code, you can still check what’s inside your own QR code from a technical standpoint. You won’t be able to perform signature verification though as access to the public keys is not officially available. So the below code is only for nerds who want to know what data is encoded in their QR code.

1. Use a QR-Code reader to get the content of your own QR-Code. Browser-based one is here:

Here is a sample QR code of a fictional person that we will be using for this example

HC1:6BFNX1:HM*I0PS3TLU.NGMU5AG8JKM:SF9VN1RFBIKJ:3AXL1RR+ 8::N$OAG+RC4NKT1:P4.33GH40HD*98UIHJIDB 4N*2R7C*MCV+1AY
3:YP*YVNUHC.G-NFPIR6UBRRQL9K5%L4.Q*4986NBHP95R*QFLNUDTQH-GYRN2FMGO73ZG6ZTJZC:$0$MTZUF2A81R9NEBTU2Y437XCI9DU 4S3N%JRP:HPE3$ 435QJ+UJVGYLJIMPI%2+YSUXHB42VE5M44%IJLX0SYI7BU+EGCSHG:AQ+58
CEN RAXI:D53H8EA0+WAI9M8JC0D0S%8PO00DJAPE3 GZZB:X85Y8345MOLUZ3+HT0TRS76MW2O.0CGL EQ5AI.XM5 01LCWBA.RE.-SUYH+S7SBE0%B-KT+YSMFCLTQQQ6LEHG.P46UNL6DA2C$AF-SQ00A58HYO5:M8 7S$ULGC-IP49MZCS
U8ST3HDRJNPV3UJADJ9BVV:7K13B4WQ+DCTEG4V8OT09797FZMQ3/A7DU0.3D148IDZ%UDR9CYF

2. Create a Python file with the following code and save as decode.py

#! /usr/bin/env python3
import json
import sys
import zlib import base45
import cbor2
from cose.messages import CoseMessage payload = sys.argv[1][4:]
print("decoding payload: "+ payload) # decode Base45 (remove HC1: prefix)
decoded = base45.b45decode(payload) # decompress using zlib
decompressed = zlib.decompress(decoded)
# decode COSE message (no signature verification done)
cose = CoseMessage.decode(decompressed)
# decode the CBOR encoded payload and print as json
print(json.dumps(cbor2.loads(cose.payload), indent=2))

3. Install all libraries required to use the example code:

pip3 install cryptography==2.8
pip3 install cose
pip3 install cbor2
pip3 install base45

4. Execute the python file

python3 decode.py 'HC1:6BFNX1:HM*I0PS3TLU.NGMU5AG8JKM:SF9VN1RFBIKJ:3AXL1RR+ 8::N$OAG+RC4NKT1:P4.33GH40HD*98UIHJIDB 4N*2R7C*MCV+1AY3:YP*YVNUHC.G-NFPIR6UBRRQL9K5%L4.Q*4986NBHP95R*QFLNUDTQH-GYRN2FMGO73ZG6ZTJZC:$0$MTZUF2A81R9NEBTU2Y437XCI9DU 4S3N%JRP:HPE3$ 435QJ+UJVGYLJIMPI%2+YSUXHB42VE5M44%IJLX0SYI7BU+EGCSHG:AQ+58CEN RAXI:D53H8EA0+WAI9M8JC0D0S%8PO00DJAPE3 GZZB:X85Y8345MOLUZ3+HT0TRS76MW2O.0CGL EQ5AI.XM5 01LCWBA.RE.-SUYH+S7SBE0%B-KT+YSMFCLTQQQ6LEHG.P46UNL6DA2C$AF-SQ00A58HYO5:M8 7S$ULGC-IP49MZCSU8ST3HDRJNPV3UJADJ9BVV:7K13B4WQ+DCTEG4V8OT09797FZMQ3/A7DU0.3D148IDZ%UDR9CYF'

5. This is what the output would look like:

{ "1": "DE", // issuing country "4": 1655209933, // expires at "6": 1623673933, // issued at "-260": { "1": { "v": [ { "ci": "URN:UVCI:01DE/IZ12345A/21E0JXD7UQY6ECLM3WT7YF#8", "co": "DE", "dn": 2, "dt": "2021-04-01", "is": "Robert Koch-Institut", "ma": "ORG-100031184", "mp": "EU/1/20/1507", "sd": 2, "tg": "840539006", "vp": "1119349007" } ], "dob": "1964-08-12", "nam": { "fn": "Mustermann", "gn": "Erika", "fnt": "MUSTERMANN", "gnt": "ERIKA" }, "ver": "1.0.0" } }
}

The Verification of Vaccination Passes – Offline

However, the actual verification can all be done offline – to fit with the requirements of the EU. The corona apps deal with the verification of such passes – without needing the internet. Verification is done entirely through the phone.

 The apps get the public keys and verify the signature, and then depending on the intended usage, they might present you the content of the QR code – the data that’s actually in there.

There are 2 types of apps available.

The official app for authorised personnel and the official app for the public.

CovPass Check App for Authorised Personnel 

The official app was made to allow free travel in the EU. It is meant to be used when you cross a border or when checked abroad by police or by somebody who would like to know whether you’re allowed to be there. 

Your local hairdresser won’t have it. The club bouncer won’t have it.  

This information contains personal data and that is why the official app – that can access all the data contained in the QR code is for authorised personnel only. 

The official CovPass app for Public Use

You can get an authorised app from the app store which will tell you whether the scanned QR code is valid. It won’t print out the name and the birth date because the idea behind it is to present as little personal information as possible, to protect the privacy of everyone involved. 

Using Blockchain to verify Vaccine Passes – Online

For their pilot-solution which has been applied in two German counties, UBIRCH used blockchain technology to make vaccine passes verifiable for authenticity and integrity in a decentral manner. 

    1. People in the vaccination center fill in a web form with their details: name, date of birth, vaccination date, what type – all the data that the EU wants to collect.
    2. Upon submit, this information is hashed together with a salt – making it anonymous
    3. The hash is sent to the backend where it is anchored in the blockchain
    4. A URL is generated containing all the data provided in the webform
    5. A QR is also created which when scanned will display the data captured by the webform
    6. If someone wants to just validate the URL, they can go to the URL, it is decoded and a hash is sent to the server and a response is sent back whether it’s valid with a signature.

UBIRCH still uses blockchain technology in other use cases. However, in close collaboration with the customer and in line with final EU requirements another approach for the implementation of the digital COVID-certificate in Germany was chosen.

This article was based on an alphalist podcast episode. The alphalist podcast features interviews of CTOs and other technical leadership figures and topics range from technology to management.

Guests from leading tech companies share their best practices and knowledge.

The goal is to support other CTOs on their journey through tech and engineering, inspire and allow a sneak-peek into other successful companies to understand how they think and act. Get awesome insights into the world‘s top tech companies, personalities and trends by listening today on Apple, Spotify, Google, Deezer and more.

Tags

Join Hacker Noon

Create your free account to unlock your custom reading experience.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://hackernoon.com/how-to-decode-your-own-eu-vaccination-green-pass-with-a-few-lines-of-python-9v2c37s1?source=rss

Crunchbase

Egyptian ride-sharing company Swvl plans to go public in a $1.5B SPAC merger

Published

on

Cairo and Dubai-based ride-sharing company Swvl plans to go public in a merger with special purpose acquisition company Queen’s Gambit Growth Capital, Swvl said Tuesday. The deal will see Swvl valued at roughly $1.5 billion.

Swvl was founded by Mostafa Kandil, Mahmoud Nouh and Ahmed Sabbah in 2017. The trio started the company as a bus-hailing service in Egypt and other ride-sharing services in emerging markets with fragmented public transportation.

Its services, mainly bus-hailing, enables users to make intra-state journeys by booking seats on buses running a fixed route. This is pocket-friendly for residents in these markets compared to single-rider options and helps reduce emissions (Swvl claims it has prevented over 240 million pounds of carbon emission since inception).

After its Egypt launch, Swvl expanded to Kenya, Pakistan, Jordan and Saudi Arabia. The company also moved its headquarters to Dubai as part of its strategy to become a global company.

Swvl offerings have expanded beyond bus-hailing services. Now, the company offers inter-city rides, car ride-sharing, and corporate services across the 10 cities it operates in across Africa and the Middle East.

Queen’s Gambit, the women-led SPAC in charge of the deal, raised $300 million in January and added $45 million via an underwriters’ overallotment option focusing on startups in clean energy, healthcare and mobility sectors.

The statement also mentions a group of investors — Agility, Luxor Capital and Zain Group — which will contribute $100 million through a private investment in public equity, or PIPE.

Per Crunchbase, Swvl has raised over $170 million. From an African perspective, Swvl features as one of the most venture-backed startups on the continent. The company has been touted to reach unicorn status in the past and will when this SPAC merger is completed.

The company will aptly trade under the ticker SWVL. The listing will make it the first Egyptian startup to go public outside Egypt and the second to go public after Fawry. It will also make the mobility company the largest African unicorn debut on any U.S.-listed exchange, beating Jumia’s debut of $1.1 billion on the NYSE. Swvl joins music-streaming platform Anghami as the second startup in the region to go public via a SPAC merger in the Middle East.

Swvl had annual gross revenue of $26 million in 2020, according to the statement, and the company expects its annual gross revenue to increase to $79 million this year and $1 billion by 2025 after expanding to 20 countries across five continents.

On why Queen’s Gambit picked Swvl for this deal, Victoria Grace, founder and CEO, said in a statement that the company fit the profile of what she was looking for: “a disruptive platform that solves complex challenges and empowers underserved populations.”

“Having established a leadership position in key emerging markets, we believe Swvl is ready to capitalize on a truly global market opportunity,” she added.

In May, TechCrunch wrote that SPACs didn’t target African startups for several reasons, including a lack of global appeal and private capital and market satisfaction. Judging by Grace’s comments, Swvl has that global appeal and is ready to venture into the public market despite being in operation for just four years.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://techcrunch.com/2021/07/28/egyptian-ride-sharing-company-swvl-plans-to-go-public-in-a-1-5b-spac-merger/

Continue Reading

Crunchbase

Egyptian ride-sharing company Swvl plans to go public in a $1.5B SPAC merger

Published

on

Cairo and Dubai-based ride-sharing company Swvl plans to go public in a merger with special purpose acquisition company Queen’s Gambit Growth Capital, Swvl said Tuesday. The deal will see Swvl valued at roughly $1.5 billion.

Swvl was founded by Mostafa Kandil, Mahmoud Nouh and Ahmed Sabbah in 2017. The trio started the company as a bus-hailing service in Egypt and other ride-sharing services in emerging markets with fragmented public transportation.

Its services, mainly bus-hailing, enables users to make intra-state journeys by booking seats on buses running a fixed route. This is pocket-friendly for residents in these markets compared to single-rider options and helps reduce emissions (Swvl claims it has prevented over 240 million pounds of carbon emission since inception).

After its Egypt launch, Swvl expanded to Kenya, Pakistan, Jordan and Saudi Arabia. The company also moved its headquarters to Dubai as part of its strategy to become a global company.

Swvl offerings have expanded beyond bus-hailing services. Now, the company offers inter-city rides, car ride-sharing, and corporate services across the 10 cities it operates in across Africa and the Middle East.

Queen’s Gambit, the women-led SPAC in charge of the deal, raised $300 million in January and added $45 million via an underwriters’ overallotment option focusing on startups in clean energy, healthcare and mobility sectors.

The statement also mentions a group of investors — Agility, Luxor Capital and Zain Group — which will contribute $100 million through a private investment in public equity, or PIPE.

Per Crunchbase, Swvl has raised over $170 million. From an African perspective, Swvl features as one of the most venture-backed startups on the continent. The company has been touted to reach unicorn status in the past and will when this SPAC merger is completed.

The company will aptly trade under the ticker SWVL. The listing will make it the first Egyptian startup to go public outside Egypt and the second to go public after Fawry. It will also make the mobility company the largest African unicorn debut on any U.S.-listed exchange, beating Jumia’s debut of $1.1 billion on the NYSE. Swvl joins music-streaming platform Anghami as the second startup in the region to go public via a SPAC merger in the Middle East.

Swvl had annual gross revenue of $26 million in 2020, according to the statement, and the company expects its annual gross revenue to increase to $79 million this year and $1 billion by 2025 after expanding to 20 countries across five continents.

On why Queen’s Gambit picked Swvl for this deal, Victoria Grace, founder and CEO, said in a statement that the company fit the profile of what she was looking for: “a disruptive platform that solves complex challenges and empowers underserved populations.”

“Having established a leadership position in key emerging markets, we believe Swvl is ready to capitalize on a truly global market opportunity,” she added.

In May, TechCrunch wrote that SPACs didn’t target African startups for several reasons, including a lack of global appeal and private capital and market satisfaction. Judging by Grace’s comments, Swvl has that global appeal and is ready to venture into the public market despite being in operation for just four years.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://techcrunch.com/2021/07/28/egyptian-ride-sharing-company-swvl-plans-to-go-public-in-a-1-5b-spac-merger/

Continue Reading

HRTech

Google will require vaccines as workers return to the office

Published

on

Coronavirus

In the coming weeks, Google will start requiring workers to be vaccinated before coming into the office, the company announced Wednesday. The tech giant is also extending its voluntary work-from-home policy through late October, as the Delta variant of the Covid-19 virus spreads. 

The vaccination requirement will roll out across US offices first and then expand to other regions. The implementation of the policy will vary depending on local conditions and regulations, as well as the availability of the vaccine. 

Google’s decision follows similar vaccination requirements by a growing number of government agencies and entities like the Mayo Clinic. 

Google first closed its offices in March 2020 and previously said its employees would work remotely until at least September 2021. After announcing it would adopt a “hybrid workforce model” that asked employees to spend at least some time in the office, Google in May said that it expects around 20 percent of its employees to work from home permanently. 

Some of the company’s campuses have started reopening. Google said it will give employees at least 30 days’ notice before implementing its full return-to-office plans. 

“It’s encouraging to see very high vaccination rates for our Google community in areas where vaccines are widely available,” CEO Sundar Pichai wrote in an email to employees Wednesday. “This is a big reason why we felt comfortable opening some of our offices to employees who wanted to return early.”

Prior and related coverage: 

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/google-will-require-vaccines-as-workers-return-to-the-office/#ftag=RSSbaffb68

Continue Reading

Techcrunch

Score a free month of Extra Crunch with your TC Sessions: SaaS 2021 pass

Published

on

Whether you’re just starting to build your SaaS empire or you’re further along in your journey, you don’t want to miss TC Sessions: SaaS 2021 on October 27. This day-long virtual event, dedicated to the increasingly sophisticated world of software-as-a-service, features some of the sector’s biggest names, plenty of actionable advice and ample opportunity to network for, well, ample opportunities.

Learn how to scale, how to manage growth — of your business and of the massive amount of data it generates — and how to keep your products and services safe in an increasingly cyber-hostile world. And that’s just for starters.

Bonus Alert: Buy a TC Sessions: SaaS pass and receive a free, one-month subscription to Extra Crunch, our members-only program featuring exclusive daily articles for founders and startup teams.

Extra Crunch membership gives you the inside scoop and helps you stay ahead of the tech, business and investing trends every startup founder needs to know. Since Extra Crunch launched in 2019, we’ve posted more than 2,000 articles.

You’ll have access to exclusive articles on topics like market analysis, growth and fundraising. Here’s a quick peek at just some of the recent titles available to Extra Crunch subscribers:

Your membership also includes access to our weekly virtual event series, Extra Crunch Live. We hosted more than 40 events during 2020, and we built more interactivity into our 2021 format. We added a bunch of new stuff, too — like Pitch Deck Teardowns. Check out what’s going on with Extra Crunch Live in 2021.

We’re not quite ready to share the TC Sessions: SaaS event agenda, but register for updates and you’ll know when we announce new speakers, add events and offer ticket discounts.

TC Sessions: SaaS 2021 takes place on October 27. Join your global SaaS community to learn, inspire, connect and grow a stronger business. Buy your SaaS pass here and scoop up a free month of Extra Crunch goodness on us.

Is your company interested in sponsoring or exhibiting at TC Sessions: SaaS 2021 – Marketing & Fundraising? Contact our sponsorship sales team by filling out this form.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://techcrunch.com/2021/07/28/score-a-free-month-of-extra-crunch-with-your-tc-sessions-saas-2021-pass/

Continue Reading
Esports4 days ago

Teppei Genshin Impact Voice Actor: Who is it?

Esports4 days ago

Who won Minecraft Championships (MCC) 15? | Final Standings and Scores

Esports5 days ago

All ranked mode rewards for Pokémon UNITE: Season 1

Aviation3 days ago

Legendary F-14 Pilot Dale ‘Snort’ Snodgrass Dies In A Tragic Plane Crash

Cleantech4 days ago

Form Energy Reveals Iron-Air 100 Hour Storage Battery

Esports4 days ago

Sakura Arborism Genshin Impact: How to Complete

Esports5 days ago

Here are the results for the PUBG Mobile World Invitational (PMWI) West 2021

watch-live-russias-pirs-module-set-to-depart-space-station-today.jpg
Aerospace3 days ago

Watch live: Russia’s Pirs module set to depart space station today

Esports5 days ago

Here are the results for the PUBG Mobile World Invitational (PMWI) East 2021

best-gengar-build-in-pokemon-unite.png
Esports4 days ago

Best Gengar build in Pokémon UNITE

Techcrunch4 days ago

This Week in Apps: Clubhouse opens up, Twitter talks bitcoin, Snap sees record quarter

Cyber Security5 days ago

Threat Actors are Abusing Argo Workflows to Target Kubernetes

Esports5 days ago

Are there ranked rewards in Pokémon UNITE?

Esports4 days ago

Best Garchomp build in Pokémon UNITE

Cyber Security5 days ago

What Programming Language Should I Learn for CyberSecurity?

Blockchain4 days ago

Canadian Border Town Halts Crypto Mining to Draw Up Regulations

Esports4 days ago

How to unlock Pokémon in Pokémon UNITE, all Unite License costs

AR/VR4 days ago

Warplanes: WW1 Fighters to See Official Oculus Quest Store Launch This Week

AI4 days ago

What is the Freedom Phone and Should You Buy It?

Crowdfunding4 days ago

Calgary, Alberta’s Allied Venture Partners Confirms they’ve Invested $1M+ into Early-Stage Tech Firms

Trending