Hacker News new | past | comments | ask | show | jobs | submit login

Couldn't someone just generate a fake QR code with their name and DOB on it?



IIUC the data in the QR code is signed, the article mentions it but doesn't show the signature.


DCC (Digital Covid Certificate it's called, not Digital Green Pass) is essentially a spec for a QR code (as demonstrated nicely in this post) + an EU signing gateway which is used for signing the certificates. The EU acts similar to a CA in case of SSL certificates.


At the very least it should be signed. Also, the issuing authority is on there so it should be possible to verify the information if necessary too.


They could also produce a fake vaccination booklet, or fake Covid test result. I'd guess both of these would be easier. All will result in forgery charges if caught. I think the chosen approach is pretty solid for the purpose.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: