• This repository has been archived on 07/Nov/2023
  • Stars
    star
    138
  • Rank 264,508 (Top 6 %)
  • Language Vue
  • License
    GNU Affero Genera...
  • Created over 3 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Scan your vaccination, test and recovery certificates in QR code representation and save them to your Apple Wallet

COVID Pass og image

This web application offers the possibility to scan the EU-wide vaccination, test and recovery certificates (namely EU Digital COVID Certificate) as QR code and generate an Apple Wallet pass from it, so they are easily accessible for validation on iPhone, and Apple Watch.

Discussion

Since the QR codes store sensitive personal information as well as health data, processing of the data is done entirely within the users browser. Only a hash over the data is sent to the server to sign it with a certificate issued by Apple, for which a Apple Developer Program Membership is required.

Providing Apple Wallet passes from the official COVID apps, like Corona-Warn, has already been discussed and seems to have been discarded due to security concerns and lack of specification of this requirement to developers (see here or here).

While we very much understand these decisions for the official COVID apps, we believe that with proper education, users can assess these risks for themselves. As furthermore named here, there are countless apps which can be utilized to generate Apple Wallet passes. However, they also use external servers and it is intransparent how data, this case very sensitive data, is handled.

Therefore, this project offers a transparent and secure way to create passes. If you disagree, feel free to open an issue and let's discuss it.

Principles

This project attempts a compromise to enable the user experience of Apple Wallet passes while protecting sensitive information in the best possible way. For this it follows the following principles:

  • Data economy
    • The sensitive data is only used within the users browser
    • The data itself is never transmitted or stored
    • No website analytics or ad tracking
  • Transparency
    • The authors strive to be as transparent as possible
    • Within the process the user gets educated and his or her consent is required
  • Open Source
    • Full source code is available
    • Code can be reviewed by third parties
    • Easy to deploy yourself (but Apple® Developer membership required)
  • No commercial interests
    • Creating Apple Wallet passes is and will always be free of charge
    • Health data should never be used for profit!

Getting started

Add and convert certificate

Add your Pass Type ID certificate (with extension .cer) from the iOS Provisioning Portal to your Keychain and export as .p12 to the ./keys folder, named by your Pass ID (e.g. com.example.myNewPass.p12).

Then run the following command to convert to .pem as well as to automatically load the needed wwdr.pem certificate:

./node_modules/passbook/bin/node-passbook prepare-keys -p keys

Alternatively you can directly convert the certificates using openssl:

openssl pkcs12 -legacy -in "./keys/<PASS_ID>.p12" -out "./keys/<PASS_ID>.pem" -passout "pass:<PASS_CERT_SECRET>" -nocerts
curl https://developer.apple.com/certificationauthority/AppleWWDRCA.cer | openssl x509 -inform der -out ./keys/wwdr.pem

Check if expired with openssl x509 -enddate -noout -in ./keys/<PASS_ID>.pem.

Set environment variables

The following environment variables have to be set for Apple Wallet® pass generation. This can be done by an .env file within the project root or by adding the variables to the environment.

NODE_ENV=production
ALLOWED_ORIGINS=         # Comma separated list of origins
PASS_TYPE_IDENTIFIER=    # The Wallet Pass ID
PASS_TEAM_IDENTIFIER=    # The Developer Team identifier
PASS_CERT_SECRET=        # The .pem secret set while converting from .p12 to .pem

Development Setup

# install dependencies
$ yarn install

# serve with hot reload at localhost:3000
$ yarn dev

For detailed explanation on how things work, check out Nuxt.js docs.

For testing, the QR codes from the EU DGC test data set can be used.

Deploy with Docker Compose

# build container
$ docker-compose build  

# run container
$ docker-compose up -d  

Except when accessed from localhost, the container must be run behind a reverse proxy (e.g. nginx), which provides SSL and redirects all traffic to HTTPS!

Trademark notice

Apple, Apple Wallet, iPhone and Apple Watch are trademarks of Apple Inc., registered in the U.S. and other countries and regions.

More Repositories

1

photo-booth

A multi-platform photo booth software using Electron and your camera
JavaScript
390
star
2

BOSCH-GLM-rangefinder

Python script to remote control a BOSCH GLM 100C rangefinder via its Bluetooth serial interface
Python
61
star
3

sunportal

A web-based visualisation tool for SMA(R) solar inverter data
JavaScript
19
star
4

django-vue-graphql

A Django framework that integrates Vue with Vuetify and GraphQL
Python
6
star
5

433MHz-Wireless-Sockets-API

This project provides an API written in python to control cheap Remote Control Switches based on 433MHz with a Raspberry Pi; It also provides a web interface for a handy use of the API
Python
4
star
6

ChurchTools-Facts-Reporter

This desktop application provides an easy way to report facts about events in ChurchTools
JavaScript
3
star
7

Physical-Image-Manipulation-Program

A python project for physical image manipulation using object recognition.
Python
2
star
8

Norvi-Enet-Modbus

A Modbus TCP server software for the NORVI ENET AE-06-T ESP32 industrial controller
C++
2
star
9

climate-keywords

CSS
2
star
10

telegram-speedtest-bot

This is a Python3 implementation of a telegram bot that reports speedtest results
Python
2
star
11

s0-bridge

Include your power consumption as well as not Bluetooth(R) or Speedwire enabled solar inverters into your SBFspot database
Python
1
star
12

pacman

This is just another implementation of the classic video game Pac-Man. This online game is implemented using HTML5 Canvas and running purely with Javascript in the browser. The game is a exam work in my studies.
CSS
1
star
13

PizzaOrderSystem

A PHP based system to collect Pizza Orders, developed for the 24h CodeCamp 2017 @ University of Applied Science Harz, Germany
CSS
1
star
14

433MHz-Wireless-Sockets-MacOS-App

This is a Status Bar App for MacOS, written in Swift 3, for my 433MHz Wireless Sockets API
Swift
1
star
15

md-cms

A minimal flat-file CMS, consisting of Markdown files and a very slim PHP core
PHP
1
star