Support certificates from other countries

[ThiefMaster]

When importing my German QR code it shows all the data, but also a "Certified with invalid signature" warning.

From what I understood there is a PKI with a Europe-wide root CA, so I guess it should be easily possible for the app to trust all certificates with signatures that can be tracked to that root CA.

[wglas85]

Same happens here with an Austrian Vaccination Certificate.
Please support foreign certificates.
TIA, Wolfgang

[wglas85]

Here is the QR code of my Austrian vaccination certificate, feel free to use it for testing purposes:
https://ecc.iteg.at/vw/COVID-19-vaccination-cert-AT-wglas.png
I will redraw this certificate from the Web Server on 2021-07-15.
This certificate is parsed and shown in the app, but "Certified with invalid signature" is shown.

[ThiefMaster]

@wglas85 please don't share it, you'll have "querdenker" and similar idiots use your QR code in the hopes there aren't ID checks

[wglas85]

If some developer downloaded the QR code, I would withdraw it from the server. And it's a temporarily valid first vaccination certificate and it's not the official PDF file...

[goebelUB]

The apps download the list of trusted public dynamically from our backend since app version 1.2. That is, the technical infrastructure is there, so no need to post any codes. In particular, we have access to codes from other countries' test environments.

The reason that the signature verification currently fails is that we don't yet have the other countries' public keys. There is an ongoing political process to be completed before Switzerland is allowed to sync public keys with the productive European Gateway.

[ThiefMaster]

I'm surprised the EU doesn't just make the public keys well... public. :D

[MDXDave]

It's working now 😄