Questa web app offre la possibilità di aggiungere i vostri certificati di vaccinazione digitale Covid dell'UE come pass nelle vostre app preferite di wallet su iOS/watchOS o Android/wearOS.
Go to file
Ryan Slobojan a1df511754 Bump rev to 2.2.5 2021-10-25 17:41:29 -04:00
.github Create FUNDING.yml 2021-07-26 00:53:58 +02:00
components Bump rev to 2.2.5 2021-10-25 17:41:29 -04:00
examples Fix Oklahoma issuer URL, add Kentucky, add PEI example decoded SHC 2021-10-23 17:30:33 -04:00
pages Merge branch 'main' of github.com:billylo1/covidpass into main 2021-10-25 13:57:15 -04:00
public Merge branch 'main' of github.com:billylo1/covidpass into main 2021-10-25 13:57:15 -04:00
src Bump rev to 2.2.5 2021-10-25 17:41:29 -04:00
.dockerignore Initial commit 2021-06-25 12:18:25 +02:00
.env.local ready for deployment to main 2021-10-24 13:28:13 -04:00
.env.production v1.9 - added support for versioning of registration functions to allow concurrent operations of v.Current and v.Next 2021-09-23 05:10:11 -04:00
.gitignore ready for deployment to main 2021-10-24 13:28:13 -04:00
Dockerfile Use yarn in dockerfile 2021-07-03 12:02:23 +02:00
LICENSE Add license 2021-06-26 15:39:04 +02:00
README.md Merge remote-tracking branch 'origin/main' into shc-refactoring 2021-10-10 19:06:41 -04:00
SETUP.md updates 2021-09-27 22:47:42 -04:00
Vagrantfile More Sentry fixes and app error handling 2021-10-06 16:24:35 -04:00
build.sh updated link to new iOS demo 2021-10-22 16:57:08 -04:00
build2.sh 1.8 finally working 2021-09-19 12:21:59 -04:00
checkmark.png added logic to register a serialNumber for better checking 2021-08-31 16:46:31 -04:00
deploy.sh updated link to new iOS demo 2021-10-22 16:57:08 -04:00
next-env.d.ts deployed version - 1.10.0 after merge and a few fixes 2021-10-14 23:07:52 -04:00
next-i18next.config.js removed unused localization files and fixed build errors 2021-09-12 14:26:31 -04:00
next-seo.config.js Prepare for localization 2021-07-02 20:55:26 +02:00
next.config.js 1.8 finally working 2021-09-19 12:21:59 -04:00
on-vm-onetime-setup.sh More Sentry fixes and app error handling 2021-10-06 16:24:35 -04:00
package-lock.json alpha test 2021-10-24 08:29:07 -04:00
package.json Bump rev to 2.2.5 2021-10-25 17:41:29 -04:00
patch-arrayBuffer.js version 1.4 - added FAQ and Save as Photo functionalities 2021-09-09 00:27:43 -04:00
postcss.config.js Initial commit 2021-06-25 12:18:25 +02:00
setup-dev-env.sh More Sentry fixes and app error handling 2021-10-06 16:24:35 -04:00
sync.sh More Sentry fixes and app error handling 2021-10-06 16:24:35 -04:00
tailwind.config.js turn off dark mode for now until fix 2021-10-24 21:41:11 -04:00
tsconfig.json Transition to typescript 2021-07-01 00:49:05 +02:00

README.md

Grassroots

This web-based tool allows you to add your Ontario Vaccination Receipt as a pass into your Apple Wallet on iOS in a privacy-respecting way. It achieves this without sending your data to a server and instead uses a hashed representation for the signing step.

Here is a demo

Quick start

  • Go to https://grassroots.vaccine-ontario.ca
  • Click Ontario Health to download your vaccination receipt onto your iPhone (local storage)
  • Select File, Browse, your-vaccine-receipt.pdf
  • Add to the wallet

Debug the web app

yarn install
yarn dev

Run the Docker container

docker build . -t covidpass -t gcr.io/broadcast2patients/covidpass
docker run --rm -t -i -p 3000:3000 covidpass

Integration with other repos required

setup.md has the details on how to bring the components together.

FAQ

I do not want to trust a third party with my vaccination data, does this tool respect my privacy?

Processing of your data happens entirely in your browser and only a hashed representation is sent to the server for the signing step. For more details of this, please see https://toronto.ctvnews.ca/video?clipId=2294461

How do I make sure that nobody can access my vaccination pass from the lock screen (iOS)?

Navigate to the "TouchID & Code" or "FaceID & Code" or just "Code" section in the Settings and switch the toggle to off for Wallet in the section "Allow access from the lock screen". Also see this official guide from Apple.

Using your own Apple Developer Certificate (if you would like to fork this project and run it yourself)

Get your certificate

  • Sign into your Apple Developer Account

  • Go to Certificates, Identifiers and Profiles

  • Register a new Pass Type Identifier under the Identifiers tab

  • Create a new Pass Type ID Certificate under the Certificates tab

  • Select your previously created Pass Type Identifier in the process

  • Move your new certificate to the My Certificates tab in the keychain

  • Export your certificate as a .p12 file

  • Install node.js and download the passkit-keys script

  • Create a keys folder and put the .p12 file inside

  • Run ./passkit-keys <path to your keys folder>

  • You may have to type in the passphrase you defined during the export step

Run the API locally

A description of how you can use your certificate locally with the API will be provided in the readme of the CovidPass API. To connect the web app to your local server, you have to set the API_BASE_URL environment variable accordingly.

Explanation of the process

The whole process of generating the pass file happens locally in your browser. For the signing step, a hashed representation of your data is sent to the server.

First, the following steps happen locally in your browser:

  • Validating the digital signature on the receipt from Ontario Health to ensure it's authentic
  • Decoding your vaccination event data from the PDF file (e.g. date, type of vaccine, dose #, organization who administered it
  • Assembling a pkpass file out of your data
  • Sending the serial number and vaccination event data for verification when the QR code is scanned.
  • Generating a file containing hashes of the data stored in the pass file
  • Sending only the file containing the hashes to the server

Second, the following steps happen on the server:

  • Receiving and checking the hashes which were generated locally
  • Signing the file containing the hashes
  • Sending the signature back

Finally, the following steps happen locally in your browser:

  • Assembling the signed pass file out of the incomplete file generated locally and the signature
  • Saving the file on your device

Logging

  • Sentry.io is used. Please put your DSN into your environment variable SENTRY_DSN at runtime to activate it.

Credits

The idea for this web app originated from the solution of an Austrian web developer, which only works for Austrian certificates at the moment.

The main codebase is forked from covidpass and added Ontario specifcs.

Contribute

Contributions to this project is welcome. Feel free to leave your suggestions, issues or pull requests.