Help requested on validating the QR code!
Closed this issue · 3 comments
The encryption part of this qr code seems to use IRMA. It looks like the mobile Android and iOS app use a library called Gabi for this.
This struct seems to be populated based on records from the deserialized ASN.1 data. This data is then somehow magically mixed in this function by Gabi which then somehow proves that the data is valid or not.
I'm not sure how to tackle this in Python. This stuff seems pretty bleeding edge and I'm not sure if this can be implemented with encryption primitives from e.g. libs like cryptography or openssl.
I've found out a bit more. It seems like the gabi lib in the post above is the wrong version. The right version as used by the CoronaCheck scanner app can be found here. I'm investigating if it is possible to build it as a c library and interface with it through CFFI to validate the records in the QR.
I've managed to build a small wrapper around the mobilecore library as used by the coronacheck Android and iOS apps. This will definitely need improvement before it's merged and it'll be messy as it requires platform and arch native binary blobs but I'm getting closer to integrating validation into the tool.
Validation of the qr is implemented.