Scan your vaccination, test and recovery certificates in QR code representation and save them to your Apple Wallet

Overview

COVID Pass og image

This web application offers the possibility to scan the EU-wide vaccination, test and recovery certificates (namely EU Digital COVID Certificate) as QR code and generate an Apple Wallet pass from it, so they are easily accessible for validation on iPhone, and Apple Watch.

Discussion

Since the QR codes store sensitive personal information as well as health data, processing of the data is done entirely within the users browser. Only a hash over the data is sent to the server to sign it with a certificate issued by Apple, for which a Apple Developer Program Membership is required.

Providing Apple Wallet passes from the official COVID apps, like Corona-Warn, has already been discussed and seems to have been discarded due to security concerns and lack of specification of this requirement to developers (see here or here).

While we very much understand these decisions for the official COVID apps, we believe that with proper education, users can assess these risks for themselves. As furthermore named here, there are countless apps which can be utilized to generate Apple Wallet passes. However, they also use external servers and it is intransparent how data, this case very sensitive data, is handled.

Therefore, this project offers a transparent and secure way to create passes. If you disagree, feel free to open an issue and let's discuss it.

Principles

This project attempts a compromise to enable the user experience of Apple Wallet passes while protecting sensitive information in the best possible way. For this it follows the following principles:

  • Data economy
    • The sensitive data is only used within the users browser
    • The data itself is never transmitted or stored
    • No website analytics or ad tracking
  • Transparency
    • The authors strive to be as transparent as possible
    • Within the process the user gets educated and his or her consent is required
  • Open Source
    • Full source code is available
    • Code can be reviewed by third parties
    • Easy to deploy yourself (but Apple® Developer membership required)
  • No commercial interests
    • Creating Apple Wallet passes is and will always be free of charge
    • Health data should never be used for profit!

Getting started

Add and convert certificate

Add your Pass Type ID certificate (with extension .cer) from the iOS Provisioning Portal to your Keychain and export as .p12 to the ./keys folder, named by your Pass ID (e.g. com.example.myNewPass.p12). Then run the following command to convert to .pem as well as to automatically load the needed wwdr.pem certificate:

./node_modules/passbook/bin/node-passbook prepare-keys -p keys

Set environment variables

The following environment variables have to be set for Apple Wallet® pass generation. This can be done by an .env file within the project root or by adding the variables to the environment.

NODE_ENV=production
ALLOWED_ORIGINS=         # Comma separated list of origins
PASS_TYPE_IDENTIFIER=    # The Wallet Pass ID
PASS_TEAM_IDENTIFIER=    # The Developer Team identifier
PASS_CERT_SECRET=        # The .pem secret set while converting from .p12 to .pem

Development Setup

# install dependencies
$ yarn install

# serve with hot reload at localhost:3000
$ yarn dev

For detailed explanation on how things work, check out Nuxt.js docs.

For testing, the QR codes from the EU DGC test data set can be used.

Deploy with Docker Compose

# build container
$ docker-compose build  

# run container
$ docker-compose up -d  

Except when accessed from localhost, the container must be run behind a reverse proxy (e.g. nginx), which provides SSL and redirects all traffic to HTTPS!

Trademark notice

Apple, Apple Wallet, iPhone and Apple Watch are trademarks of Apple Inc., registered in the U.S. and other countries and regions.

Issues
  • Trying to scan EU Digital covid certificate

    Trying to scan EU Digital covid certificate

    While trying to scan my EU Digital covid certificate qr code. There is a red square on the qr code and nothing happens. So i can not have the pass. Am i doing something wrong?

    Appreciate it your work and your great initiative. Thank you!

    opened by spl26 5
  • The button „add to apple wallet“ does not work

    The button „add to apple wallet“ does not work

    After scanning the QR-Code successfully the button „add to apple wallet“ does not upload it to the wallet. I’m using iPhone X with the lastest iOS version

    opened by Bazooka2304 2
  • QR code scanner not working on iPhone with iOS 15 Developer Beta

    QR code scanner not working on iPhone with iOS 15 Developer Beta

    Reported by @donatuswolf

    May be an issue, as the current iOS15 Developer Beta is a quite early Beta version.

    bug 
    opened by philipptrenz 1
  • Payload does not include the hash

    Payload does not include the hash

    When creating the zip file to sign with the server, the full pass json is included instead of only the hash, which contradicts with what is written in the README.

    Since the QR codes store sensitive personal information as well as health data, processing of the data is done entirely within the users browser. Only a hash over the data is sent to the server to sign it with a certificate issued by Apple, for which a Apple Developer Program Membership is required.

    The hash is being created but never used, https://github.com/philipptrenz/covidpass/blob/90c90fbf82ef606eb4992a01fcf9180321daafec/plugins/src/pass.js#L41

    opened by timokoenig 1
  • Feature/localization

    Feature/localization

    opened by philipptrenz 0
  • Create design for Apple Wallet pass

    Create design for Apple Wallet pass

    Chosen pass type is generic, therefore styling includes:

    • [ ] Color definitions
    • [ ] Texts
    • [ ] Icon
    • [ ] Logo
    • [ ] (Thumbnail)
    • [ ] (Additional fields)

    https://developer.apple.com/library/archive/documentation/UserExperience/Conceptual/PassKit_PG/Creating.html#//apple_ref/doc/uid/TP40012195-CH4-SW4

    enhancement 
    opened by philipptrenz 0
  • Create Favicons and Open Graph Image

    Create Favicons and Open Graph Image

    Using the common sizes for websites

    enhancement 
    opened by philipptrenz 0
  • Create pkpass within the frontend, only sign the hash within backend

    Create pkpass within the frontend, only sign the hash within backend

    @KhaosT introduced a PR at https://github.com/covidpass-org/covidpass to generate the pkpass fully locally within the client and only send the hashed data to the backend for signing. We should adopt that asap.

    opened by philipptrenz 0
  • Add privacy and impress texts

    Add privacy and impress texts

    opened by philipptrenz 0
  • Cannot validate the QR code

    Cannot validate the QR code

    I have two devices (iPhone 12 Mini and XR) I added the COVID Pass to my Wallet (not relevant to this issue, but it for some reason doesn't work with Chrome and only allows to add it to Wallet using Safari (iPhone XR didn't try with 12M.)

    My certificate is Estonian and for vaccination. The actual issue for me for both phones is that I cannot scan the QR code because of low resolution maybe? Thanks to https://kontroll.digilugu.ee/ we can check for validity of the QR code and I cannot get it to read the QR code.

    opened by SigritSiht 0
  • Remove Watermark

    Remove Watermark

    There should be a a setting to remove the watermark.

    opened by 10Meisterbaelle 0
  • Kamera

    Kamera

    Kamera Zugriff erlauben? Wie?

    opened by friezzen 0
  • GDPR and ePrivacy compliance

    GDPR and ePrivacy compliance

    Please add cookie consent for GDPR and ePrivacy compliance

    Reason is the language selection cookie that is being set i18n_redirected

    bug 
    opened by timokoenig 1
  • Cannot scan vaccination qr code

    Cannot scan vaccination qr code

    I was able to add the qr code into CWA and Covpass.

    Your Browser app (on iPhone / Safari) does not recognize the qr code and cannot be added. There is no error message.

    It's the qr code I got to testify my 2nd and final vaccination

    opened by bondskin 0
  • Logging of confidential data in case of an error

    Logging of confidential data in case of an error

    Even though sending the whole QR code to the server which contains sensitive personal data is not the best idea, you should definitely not log this data on your server.

    https://github.com/philipptrenz/covidpass/blob/6dbffaf1b517f22429c5a9952638bd8f7b4714ed/server-middleware/rest.js#L57

    https://github.com/philipptrenz/covidpass/blob/6dbffaf1b517f22429c5a9952638bd8f7b4714ed/server-middleware/rest.js#L66

    If you log errors you should exclude everything that is related to the user or considered sensitive data

    opened by timokoenig 2
  • Funktioniert nicht

    Funktioniert nicht

    Code lässt sich scannen, Button für Wallet funktioniert aber nicht. Gefühlt 100x probiert!!!

    opened by Jeannette1973 3
  • Camera activation on Iphone

    Camera activation on Iphone

    Hi, While this works in IPad, it seems not possible to give camera access on the iPhone for scanning..... ist this normal? Thanks

    opened by Sibbedes 1
  • Cannot scan

    Cannot scan

    “QR Code is not correct” although this QR code works with corona warn app.

    opened by gizn 4
  • more pass colors

    more pass colors

    offer a color selection for pride colors or typical vaccination certificate yellow

    enhancement 
    opened by donatuswolf 0
Smart Phone recommender

Mobile phones have become extensions of ourselves, and living without them is almost unimaginable. Work and home life have also merged, with the office always at one’s fingertips. More and more we rely on the keen intelligence that our mobile phones provide, not only for work but also for family time, networking and entertainment.

null 3 May 27, 2021
Projeto que coleta dados sobre vacinação no Brasil e divulga em um website. | Project to collect Brazil vaccination data and presents in website.

Projeto que coleta dados sobre vacinação no Brasil e divulga em um website. | Project to collect Brazil vaccination data and presents in website. http

Flávio Omar Losada 16 Mar 18, 2021
Applications for any device with HTML, CSS and JavaScript - free and open source!

App Framework App Framework development has ended. I recommend using the Framework7 CLI instead. iOS and Android Apps with HTML & JavaScript - App Fra

null 640 Jul 6, 2021
Overview page for all COVID vaccination appointments in Upper Austria. 💉

jaukerl-ooe.m8.at This is a low-threshold information page that displays all available COVID vaccination appointments in the province of Upper Austria

Frederic Köberl 26 Jul 15, 2021
Overview page for all COVID vaccination appointments in Upper Austria. 💉

This is a low-threshold information page that displays all available COVID vaccination appointments in the province of Upper Austria.

Frederic Köberl 26 Jul 15, 2021
Barcode Scanner Plugin for Vue.js

Vue Barcode Scanner Barcode Scanner Plugin for Vue.js Features Usually in the market have a lot of barcode scanner. So we need to handle a lot of thin

noomerZx 124 Jul 3, 2021
Apps are core components of KodaDot wallet.

?? Apps Apps are core components of KodaDot wallet. Basic usage is to interact from browser with Polkadot and Substrate based networks. ??

KodaDot 53 Jul 21, 2021
Quant-UX standalone

Vue-Low-Code Vue-Low-Code is an open-source project that turns Figma and Quant-UX designs into fully functional VUE applications. By ensuring that the

Klaus Schaefers 121 Jul 27, 2021
🌟 DataFormsJS 🌟 A minimal JavaScript Framework and standalone React and Web Components for rapid development of high quality websites and single page applications.

?? Welcome to DataFormsJS! Thanks for visiting! ?? ?? ?? ?? ?? ?? 中文 (简体) 欢迎来到 DataFormsJS Español Bienvenido a DataFormsJS Português (do Brasil) Bem

DataFormsJS 108 Jul 8, 2021
A repository to bootstrap Figma low code projects

Figma-Low-Code Figma-Low-Code is an OpenSource project, that allows to use Figma designs directly in VUE.js applications. The low code approach reduce

Klaus Schaefers 418 Jul 23, 2021
Very simple, yet powerful, vue emoji picker 🎉🔥🚀

Highly-customizable emoji picker for Vue 2 Table of contents Demo Installation With npm With a CDN Import With an ES6 bundler (via npm) Use per compon

Dariusz Czajkowski 233 Jul 21, 2021
A Vuetify ready Vue.js autosuggest component for the Google Places API.

Vuetify Google Autocomplete A Vuetify ready Vue.js (2.x) autosuggest component for the Google Maps Places API. Versions Latest Beta: 2.0.0-beta.8 Late

Madimetja Shika 93 Jan 28, 2021
Matteo Bruni 2.1k Jul 26, 2021