From 8e2311a8dd5a1f9cb743f19281de1c48bfb9c73c Mon Sep 17 00:00:00 2001 From: Billy Lo Date: Fri, 27 Aug 2021 01:26:44 -0400 Subject: [PATCH 1/4] Update for Ontario specifics --- README.md | 50 +++++++++++++++----------------------------------- 1 file changed, 15 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 894d1d2..0440fbc 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,23 @@ -![CovidPass](https://covidpass.marvinsextro.de/thumbnail.png) +![Grassroots](https://covidpass.marvinsextro.de/thumbnail.png) -This web app offers the ability to add your EU Digital Covid Vaccination Certificates as a pass into your favorite wallet apps on iOS/watchOS or Android/wearOS. CovidPass accomplishes this without sending your data to a server and instead only uses a hashed representation for the signing step. +This web app offers the ability to add your Ontario Vaccination Receipt as a pass into your Apple Wallet on iOS. Grassroots accomplishes this without sending your data to a server and instead only uses a hashed representation for the signing step. # Getting started -If you want to add your vaccination certificate into your wallet with CovidPass, there are two main options. +If you want to add your vaccination certificate into your wallet with Grassroots, there are two main options. -* Use the [CovidPass web app](https://covidpass.marvinsextro.de) hosted by us -* Use your own Apple Developer Certificate to generate a pass +* Use the [Grassroots web app](https://grassroots.vaccine-ontario.ca) -Note that the latter option requires you to have an [Apple Developer Account](https://developer.apple.com) and is a more complicated process. +Here is a [demo](https://www.youtube.com/watch?v=AIrG5Qbjptg) # Quick start ## Using our service -* Go to [https://covidpass.marvinsextro.de](https://covidpass.marvinsextro.de) -* Select or scan the screenshot/PDF with the QR code -* Pick a background color -* Add your certificate to the wallet - -## Running it yourself - -Note that the following options do not have support for actually converting your certificates as they lack the API connection for the signing step. -You can read about how you can use your own Apple Developer Certificate in the chapter below. +* Go to [https://grassroots.vaccine-ontario.ca](https://grassroots.vaccine-ontario.ca) +* Click Ontario Health to download your vaccination receipt onto your iPhone +* Select File, Browse, your-vaccine-receipt.pdf +* Add to the wallet ### Debug the web app @@ -39,10 +33,6 @@ docker build . -t covidpass docker run -t -i -p 3000:3000 covidpass ``` -### Deploy on your own server - -We have a [separate repository](https://github.com/covidpass-org/docker-compose) containing a docker-compose file which you can use for your own deployment of CovidPass. - # FAQ #### I do not want to trust a third party with my vaccination data, what makes this a secure option? @@ -53,14 +43,6 @@ Processing of your data happens entirely in your browser and only a hashed repre Navigate to the "TouchID & Code" or "FaceID & Code" or just "Code" section in the Settings and switch the toggle to off for Wallet in the section "Allow access from the lock screen". Also see [this official guide](https://support.apple.com/guide/iphone/control-access-information-lock-screen-iph9a2a69136/ios) from Apple. -#### Why don't the official apps offer this feature? - -The official apps like [Corona-Warn-App](https://github.com/corona-warn-app/cwa-app-ios) have decided against this feature due to security concerns. For example, this was discussed [here](https://github.com/eu-digital-green-certificates/dgca-wallet-app-ios/issues/69) or [here](https://github.com/corona-warn-app/cwa-app-ios/issues/2965). - -#### Why is my certificate not recognized? - -We are in an early development stage and actively working on improving support for all EU countries. Feel free to create an issue describing the problem you faced. - # Using your own Apple Developer Certificate ## Get your certificate @@ -91,9 +73,9 @@ The whole process of generating the pass file happens locally in your browser. F First, the following steps happen locally in your browser: -* Recognizing and extracting the QR code data from your selected certificate -* Decoding your personal and health-related data from the QR code payload -* Assembling an incomplete pass file out of your data +* Validating the digital signature on the receipt to ensure it's authentic +* Decoding your vaccination event data from the PDF file +* Assembling a pkpass file out of your data * Generating a file containing hashes of the data stored in the pass file * Sending only the file containing the hashes to the server @@ -108,14 +90,12 @@ Finally, the following steps happen locally in your browser: * Assembling the signed pass file out of the incomplete file generated locally and the signature * Saving the file on your device -# Privacy policy of our service - -You can find the full privacy policy of our service [here](https://covidpass.marvinsextro.de/privacy). - # Credits The idea for this web app originated from the [solution of an Austrian web developer](https://coronapass.fabianpimminger.com), which only works for Austrian certificates at the moment. +The main codebase is forked from [covidpass](https://github.com/covidpass-org/covidpass) + # Contribute -Any contribution to this project is welcome. Feel free to leave your suggestions, issues or pull requests. We are also looking for people to translate this web app for all EU countries. +Any contribution to this project is welcome. Feel free to leave your suggestions, issues or pull requests. From a5903b20a9accc4496b40b58769f1cdf76c6cfcc Mon Sep 17 00:00:00 2001 From: Billy Lo Date: Fri, 27 Aug 2021 01:27:22 -0400 Subject: [PATCH 2/4] fix logo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0440fbc..edb0bcc 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Grassroots](https://covidpass.marvinsextro.de/thumbnail.png) +# Grassroots This web app offers the ability to add your Ontario Vaccination Receipt as a pass into your Apple Wallet on iOS. Grassroots accomplishes this without sending your data to a server and instead only uses a hashed representation for the signing step. From 6fa29a501c0b94608068ce01c047d200d8587059 Mon Sep 17 00:00:00 2001 From: Billy Lo Date: Fri, 27 Aug 2021 01:28:40 -0400 Subject: [PATCH 3/4] fix titles --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index edb0bcc..32ecc48 100644 --- a/README.md +++ b/README.md @@ -2,13 +2,13 @@ This web app offers the ability to add your Ontario Vaccination Receipt as a pass into your Apple Wallet on iOS. Grassroots accomplishes this without sending your data to a server and instead only uses a hashed representation for the signing step. +Here is a [demo](https://www.youtube.com/watch?v=AIrG5Qbjptg) + # Getting started If you want to add your vaccination certificate into your wallet with Grassroots, there are two main options. -* Use the [Grassroots web app](https://grassroots.vaccine-ontario.ca) - -Here is a [demo](https://www.youtube.com/watch?v=AIrG5Qbjptg) +* Visit [https://grassroots.vaccine-ontario.ca](https://grassroots.vaccine-ontario.ca) # Quick start From bfdef3153fce4df20b323020f042cdc1b3372d7d Mon Sep 17 00:00:00 2001 From: Billy Lo Date: Fri, 27 Aug 2021 10:33:10 -0400 Subject: [PATCH 4/4] minor adjustment --- README.md | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 32ecc48..d400c0b 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,13 @@ # Grassroots -This web app offers the ability to add your Ontario Vaccination Receipt as a pass into your Apple Wallet on iOS. Grassroots accomplishes this without sending your data to a server and instead only uses a hashed representation for the signing step. +This web-based tool allows you to add your Ontario Vaccination Receipt as a pass into your Apple Wallet on iOS in a privacy-respecting way. It achieves this without sending your data to a server and instead only uses a hashed representation for the signing step. Here is a [demo](https://www.youtube.com/watch?v=AIrG5Qbjptg) -# Getting started - -If you want to add your vaccination certificate into your wallet with Grassroots, there are two main options. - -* Visit [https://grassroots.vaccine-ontario.ca](https://grassroots.vaccine-ontario.ca) - # Quick start -## Using our service - * Go to [https://grassroots.vaccine-ontario.ca](https://grassroots.vaccine-ontario.ca) -* Click Ontario Health to download your vaccination receipt onto your iPhone +* Click Ontario Health to download your vaccination receipt onto your iPhone (local storage) * Select File, Browse, your-vaccine-receipt.pdf * Add to the wallet @@ -35,15 +27,15 @@ docker run -t -i -p 3000:3000 covidpass # FAQ -#### I do not want to trust a third party with my vaccination data, what makes this a secure option? +#### I do not want to trust a third party with my vaccination data, does this tool respect my privacy? -Processing of your data happens entirely in your browser and only a hashed representation is sent to the server for the signing step. +Processing of your data happens entirely in your mobile browser and only a hashed representation is sent to the server for the signing step. #### How do I make sure that nobody can access my vaccination pass from the lock screen (iOS)? Navigate to the "TouchID & Code" or "FaceID & Code" or just "Code" section in the Settings and switch the toggle to off for Wallet in the section "Allow access from the lock screen". Also see [this official guide](https://support.apple.com/guide/iphone/control-access-information-lock-screen-iph9a2a69136/ios) from Apple. -# Using your own Apple Developer Certificate +# Using your own Apple Developer Certificate (if you would like to fork this project and run it yourself) ## Get your certificate @@ -60,7 +52,6 @@ Navigate to the "TouchID & Code" or "FaceID & Code" or just "Code" section in th * Create a `keys` folder and put the .p12 file inside * Run ./passkit-keys `` * You may have to type in the passphrase you defined during the export step -* Base64 encode the contents of the newly generated .pem file inside the keys folder ## Run the API locally @@ -73,8 +64,8 @@ The whole process of generating the pass file happens locally in your browser. F First, the following steps happen locally in your browser: -* Validating the digital signature on the receipt to ensure it's authentic -* Decoding your vaccination event data from the PDF file +* Validating the digital signature on the receipt from Ontario Health to ensure it's authentic +* Decoding your vaccination event data from the PDF file (e.g. date, type of vaccine, dose #, organization who administered it * Assembling a pkpass file out of your data * Generating a file containing hashes of the data stored in the pass file * Sending only the file containing the hashes to the server @@ -94,8 +85,8 @@ Finally, the following steps happen locally in your browser: The idea for this web app originated from the [solution of an Austrian web developer](https://coronapass.fabianpimminger.com), which only works for Austrian certificates at the moment. -The main codebase is forked from [covidpass](https://github.com/covidpass-org/covidpass) +The main codebase is forked from [covidpass](https://github.com/covidpass-org/covidpass) and added Ontario specifcs. # Contribute -Any contribution to this project is welcome. Feel free to leave your suggestions, issues or pull requests. +Contributions to this project is welcome. Feel free to leave your suggestions, issues or pull requests.