@luche79, the library has "decoder" in its name, not "validator": its goal is to decode a green pass, not to validate it. I have coded the validation, but I don't know if I will release it within this package or in another package, so I don't know if the validator package will be free to use.
-
Hi, I found a flaw in the certificate verification: in practice, if I decode the certificate data, modify it and then re-encode everything, the verification works correctly even with fake data.
An additional check must be added on the root of the array, as shown in the example:
-unzipped and decode---
array(4) {
[0]=>
string(13) "�H4Br�&"
[1]=>
array(0) {
}
[2]=>
string(266) "COVID CERTIFICATE DATA EDITABLE...."
[3]=>
EL"O*�@d!�"n��d&��=r �hI4d^
}
-unzipped ---
-header [0]---
array(2) {
[4]=>
string(8) "4Br"
[1]=>
string(2) "-7"
}
-header [0]---
-signature [3]---
string(14) "��d&��"
-signature [3]---
As it is, it cannot be used in totem-type devices for automatic verification, a real shame.
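The four-element array in the dump above has the layout of a COSE_Sign1 message (RFC 8152): protected header, unprotected header, payload and signature, with header value -7 denoting ES256. As an added example (not part of the posts above and not the library's own code), the PHP below rebuilds the Sig_structure that the signature covers and checks it with OpenSSL, so a payload edited after signing is rejected. Assumptions: the function names are illustrative, the key is a throwaway P-256 key generated for the demo, and in real use the public key comes from a trusted issuer list, selected by the key ID in the header.

```php
<?php
// CBOR header for a byte string (major 2) or text string (major 3) of $len bytes.
function cborHead(int $major, int $len): string {
    if ($len < 24)  return chr($major << 5 | $len);
    if ($len < 256) return chr($major << 5 | 24) . chr($len);
    return chr($major << 5 | 25) . pack('n', $len);   // covers lengths below 64 KiB
}
// RFC 8152 Sig_structure: ["Signature1", protected, external_aad (empty), payload]
function sigStructure(string $protected, string $payload): string {
    return "\x84" . cborHead(3, 10) . 'Signature1'
         . cborHead(2, strlen($protected)) . $protected . cborHead(2, 0)
         . cborHead(2, strlen($payload)) . $payload;
}
// COSE stores an ES256 signature as raw r||s; OpenSSL expects DER SEQUENCE{INTEGER r, INTEGER s}.
function rawToDer(string $raw): string {
    $int = function (string $b): string {
        $b = ltrim($b, "\x00");
        if ($b === '' || ord($b[0]) >= 0x80) $b = "\x00" . $b;   // keep the integer positive
        return "\x02" . chr(strlen($b)) . $b;
    };
    $body = $int(substr($raw, 0, 32)) . $int(substr($raw, 32, 32));
    return "\x30" . chr(strlen($body)) . $body;
}
// $cose is the decoded array: [0] protected, [1] unprotected, [2] payload, [3] signature.
function verifySign1(array $cose, string $publicKeyPem): bool {
    [$protected, , $payload, $signature] = $cose;
    if (!is_string($signature) || strlen($signature) !== 64) return false;
    return openssl_verify(sigStructure($protected, $payload), rawToDer($signature),
                          $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}
// Constructed demo data: throwaway key, minimal protected header, placeholder payload.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$pub = openssl_pkey_get_details($key)['key'];
$protected = "\xA1\x01\x26";                 // CBOR map {1: -7}, i.e. alg = ES256
$payload   = 'constructed payload bytes';
openssl_sign(sigStructure($protected, $payload), $der, $key, OPENSSL_ALGO_SHA256);
// Convert OpenSSL's DER signature to the raw r||s form a COSE message carries.
$rLen = ord($der[3]);
$r = substr($der, 4, $rLen);
$s = substr($der, 6 + $rLen, ord($der[5 + $rLen]));
$pad = fn(string $b): string => str_pad(ltrim($b, "\x00"), 32, "\x00", STR_PAD_LEFT);
$cose = [$protected, [], $payload, $pad($r) . $pad($s)];
var_dump(verifySign1($cose, $pub));          // certificate exactly as signed
$cose[2] = 'edited payload bytes';
var_dump(verifySign1($cose, $pub));          // payload changed after signing
```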