Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for CA/NY/LA/VA/HI/UT/NJ/MN/DE/CT/NV/NM/OK/KY/GU/MP/YT/BC/SK/AB/NT/NS/MB/ON/NL/PE/Cayman Islands vaccine records, other changes #6

Open
wants to merge 40 commits into
base: main
Choose a base branch
from
Open

Add support for CA/NY/LA/VA/HI/UT/NJ/MN/DE/CT/NV/NM/OK/KY/GU/MP/YT/BC/SK/AB/NT/NS/MB/ON/NL/PE/Cayman Islands vaccine records, other changes #6

wants to merge 40 commits into from

Commits on Jun 19, 2021

  1. Webapp: make signature verification optional

    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    e439c85 View commit details
    Browse the repository at this point in the history

  2. Move issuer public key into a separate module 

    This is in preparation for the ability to handle multiple issuers.
    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    394fae8 View commit details
    Browse the repository at this point in the history

  3. decodeJWS(): return the entire decoded blob, not just the vaccination… 

    … record

We'll need this to detect the issuer.
    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    3fabaa2 View commit details
    Browse the repository at this point in the history

  4. Use the issuer field of the SHC to select signing keys for verification 

    This will allow us to verify SHCs from multiple issuers.  Note that this
requires decoding the data before verifying it; this is probably a bad
idea (similar to violating Moxie Marlinspike's rule of thumb that MAC
verification should come before any other receive-side operations in a
protocol [1]), but well, we're stuck with this format ...

[1] https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html
    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    ea88930 View commit details
    Browse the repository at this point in the history

  5. Add signing key for California Digital COVID-19 Vaccine Record 

    Key from https://myvaccinerecord.cdph.ca.gov/creds/.well-known/jwks.json:

$ sha256sum jwks.json
eb5d4bbea0734c205daf49c03e3013071c9edfd6232d24451fdfc27c6637df5f  jwks.json
    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    16a4136 View commit details
    Browse the repository at this point in the history

  6. Display only verified data when signature verification is enabled

    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    ab46873 View commit details
    Browse the repository at this point in the history

  7. Webapp: indicate in the output whether issuer signature was verified

    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    a4ce839 View commit details
    Browse the repository at this point in the history

  8. Webapp: stop camera once a barcode is read

    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    d40c8c6 View commit details
    Browse the repository at this point in the history

  9. Webapp: make debug logging slightly less repetitive

    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    9eadbfe View commit details
    Browse the repository at this point in the history

  10. dump_shc.js: fix typo

    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    73d2bc1 View commit details
    Browse the repository at this point in the history

  11. More robust error handling 

    In particular, try to handle cases where corrupt/invalid SMART health
cards, or things that aren't SHCs at all, are scanned.
    @steven676
    steven676 committed Jun 19, 2021
    Configuration menu
    Copy the full SHA
    b3f4284 View commit details
    Browse the repository at this point in the history

Commits on Sep 13, 2021

  1. dump_shc.js: ensure full contents of SMART health card are displayed 

    Node.js "helpfully" tries to reduce the amount of output when we pass
the decoded object to console.log(), so we need to pretty-print it
ourselves before displaying.  Fixes #2.  (Thanks to Dave Hughes for the
suggstion to use console.dir() to preserve the color-coding.)
    @steven676
    steven676 committed Sep 13, 2021
    Configuration menu
    Copy the full SHA
    a3f6260 View commit details
    Browse the repository at this point in the history

  2. Add signing key for New York State Excelsior Pass Plus 

    Key from https://ekeys.ny.gov/epass/doh/dvc/2021/.well-known/jwks.json:

$ sha256sum jwks.json
b1e12070123acae094fd0047ae4d6b2d8aabe2f1c592932a224e83b83c9d6e2e  jwks.json
    @steven676
    steven676 committed Sep 13, 2021
    Configuration menu
    Copy the full SHA
    a6844c1 View commit details
    Browse the repository at this point in the history

  3. Add signing key for state of Louisiana LA Wallet 

    Key from https://healthcardcert.lawallet.com/.well-known/jwks.json:

$ sha256sum jwks.json
fede561fb56d82e82df8a6e5f5f2679460b7a4051a927ec318decf686199b633  jwks.json
    @steven676
    steven676 committed Sep 13, 2021
    Configuration menu
    Copy the full SHA
    7e54626 View commit details
    Browse the repository at this point in the history

  4. Update Quebec vaccination proof iss and kid 

    Thanks to Raymond Ménard for these values.
    @steven676
    steven676 committed Sep 13, 2021
    Configuration menu
    Copy the full SHA
    b188683 View commit details
    Browse the repository at this point in the history

  5. Add signing key for Yukon proof of Covid-19 vaccination 

    Key from https://pvc.service.yukon.ca/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
22e4ad57812178ed419aab7fcbd2c39d083f043b8e9f109e0654436584647ce8  jwks.json

(Found through the-commons-project/vci-directory#60.)
    @steven676
    steven676 committed Sep 13, 2021
    Configuration menu
    Copy the full SHA
    3db3c30 View commit details
    Browse the repository at this point in the history

  6. Add signing key for BC Vaccine Card 

    Key from https://smarthealthcard.phsa.ca/v1/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
dc6c1e25fecbaa4362cd17ede14e862071bc5a0bd74085b7f37a2d369c61e810  jwks.json

With thanks to Mitch Brown and Dave Hughes; closes fproulx#14.
    @steven676
    steven676 committed Sep 13, 2021
    Configuration menu
    Copy the full SHA
    7cee503 View commit details
    Browse the repository at this point in the history

Commits on Sep 30, 2021

  1. Add signing key for Virginia QR code vaccination records 

    Key from https://apps.vdh.virginia.gov/credentials/.well-known/jwks.json:

$ sha256sum jwks.json
f59ca9bdf677a1476ccf1fb044af24341f3997f9de2f0a83023f23c40a4f0b34  jwks.json

(Found via the-commons-project/vci-directory#92.)
    @steven676
    steven676 committed Sep 30, 2021
    Configuration menu
    Copy the full SHA
    ef58462 View commit details
    Browse the repository at this point in the history

  2. Add signing key for Hawaii SMART Health Card 

    Key from https://travel.hawaii.gov/.well-known/jwks.json:

$ sha256sum jwks.json
64e684830c7d008439a577597126ec5074a966454afb39c9296fb2a8585f7a83  jwks.json
    @steven676
    steven676 committed Sep 30, 2021
    Configuration menu
    Copy the full SHA
    7b46943 View commit details
    Browse the repository at this point in the history

  3. Add signing key for eHealth Saskatchewan QR code vaccination records 

    Saskatchewan appears to have two separate issuers with different signing
keys:

From https://skphr.prd.telushealthspace.com/.well-known/jwks.json:

$ sha256sum jwks.json
96780162f06da7a43218b5fbbb23d8af904c22b8e61717a93435364035770cb4  jwks.json

From https://commons.ehealthsask.ca/.well-known/jwks.json:

$ sha256sum jwks.json
d3c6694b07a74a7954ee63f26c6e8c5c1f2901c9380d80afc032f6b116a0a96b  jwks.json

(Found via the-commons-project/vci-directory#99.)
    @steven676
    steven676 committed Sep 30, 2021
    Configuration menu
    Copy the full SHA
    348f3fb View commit details
    Browse the repository at this point in the history

Commits on Oct 9, 2021

  1. Add Alberta public keys

    @peacey
    peacey committed Oct 9, 2021
    Configuration menu
    Copy the full SHA
    0bcd47e View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2021

  1. Add signing key for NT 

    [[email protected]: key from https://www.hss.gov.nt.ca/covax/.well-known/jwks.json:
$ sha256sum jwks.json
cf70c7a7405ebbdc99034bb2304c8b19efbb009e759665f620498a9aa00f5b79  jwks.json]
    @lukasbeckerit
    lukasbeckerit authored Oct 16, 2021
    Configuration menu
    Copy the full SHA
    68fd929 View commit details
    Browse the repository at this point in the history

  2. Merge "Add Alberta public keys" 

    Verified by disassembling Alberta's verifier Android app [1], as Alberta
has yet to publish its key to the location specified in the standard.
Additional thanks to /u/YegThrowawayWasTaken on Reddit.

[1] https://play.google.com/store/apps/details?id=ca.ab.gov.covidrecordsverifier
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    9b9745c View commit details
    Browse the repository at this point in the history

  3. Add signing key for Nova Scotia COVID-19 Proof of Vaccination 

    Key from https://pvc.novascotia.ca/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
8c78b49846b9f86e66b56c6d3a756c08e4a6bce8ff555f3b6dd7039e49847cc0  jwks.json

(Found via the-commons-project/vci-directory#185.)
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    fad88e3 View commit details
    Browse the repository at this point in the history

  4. Add signing key for Docket immunization records for Utah 

    Utah outsources Covid-19 digital vaccine records to Docket [1].

Key from https://docket.care/ut/.well-known/jwks.json:

$ sha256sum jwks.json
15babf40deb6ecd73c9cdf252324eaef34bd042dfafb89dcbbba52dea303b708  jwks.json

(Found via the-commons-project/vci-directory#191.)

[1] https://immunize.utah.gov/usiis/usiis-parents-individuals/
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    9d0bf13 View commit details
    Browse the repository at this point in the history

  5. Add signing key for Docket immunization records for New Jersey 

    New Jersey outsources Covid-19 digital vaccine records to Docket [1].

Key from https://docket.care/nj/.well-known/jwks.json:

$ sha256sum jwks.json
9705c17aa5a4ceac5493f69b4dc04e703955dc7b690e7534d66231d759179063  jwks.json

(Found via the-commons-project/vci-directory#191.)

[1] https://covid19.nj.gov/faqs/nj-information/slowing-the-spread/consumer-access-to-covid-19-immunization-records-with-docket-faqs
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    74124e0 View commit details
    Browse the repository at this point in the history

  6. Add signing key for Manitoba Covid-19 immunization card 

    Key from https://immunizationcard.manitoba.ca/api/national/.well-known/jwks.json:

$ sha256sum jwks.json
0a6388ba092f9aa8460769d170157a4af4c5f80e70166c92a005131522a67335  jwks.json

(Found via the-commons-project/vci-directory#192.)
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    299cf28 View commit details
    Browse the repository at this point in the history

  7. Add signing key for Ontario Covid-19 enhanced vaccination certificate 

    Key from https://prd.pkey.dhdp.ontariohealth.ca/.well-known/jwks.json:

$ sha256sum jwks.json
a9411fca67636f80260d805b2468980a62f2c309cfcf4e5e9386fdc23a94b2e2  jwks.json

(Found via billylo1/covidpass@bd2ec1a;
with thanks to the grassroots vaccine pass team (@grassroots_team on
Twitter)).
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    e2581de View commit details
    Browse the repository at this point in the history

  8. Add signing key for Cayman Islands Health Services Authority vaccinat… 

    …ion records

The Cayman Islands appears to use Cerner's electronic medical records
system for all health records, including Covid-19 vaccine records [1].

Key from https://fhir-myrecord.cerner.com/r4/QGFlV8qKdgYu-vPpMAoQW5U4Jb7riiI2/.well-known/jwks.json:

$ sha256sum jwks.json
276845f41ed6cda6c224350649c46fbb22346325f9e53ff183987236bc68dd96  jwks.json

[1] https://www.hsa.ky/our-services/patient-portal-info/
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    ba57e47 View commit details
    Browse the repository at this point in the history

  9. Add signing key for Docket immunization records for Minnesota 

    Minnesota outsources Covid-19 digital vaccine records to Docket [1].

Key from https://docket.care/mn/.well-known/jwks.json:

$ sha256sum jwks.json
d8b09156d15628dfdf411cdba45671b33bd3151eb889aafe0e720919408db44e  jwks.json

[1] https://www.health.state.mn.us/people/immunize/miic/records.html
    @steven676
    steven676 committed Oct 16, 2021
    Configuration menu
    Copy the full SHA
    e467593 View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2021

  1. Add signing key for Newfoundland and Labrador Covid-19 vaccination re… 

    …cord

Key from https://www.gov.nl.ca/covid-19/life-during-covid-19/vaccination-record/prod/.well-known/jwks.json:

$ sha256sum jwks.json
66684693005b6f45a1443b53322677e5c385727487f46ebae6a642e3244d1b28  jwks.json

With thanks to GitHub user @craftxbox; closes fproulx#17.
    @steven676
    steven676 committed Oct 17, 2021
    Configuration menu
    Copy the full SHA
    367de5a View commit details
    Browse the repository at this point in the history

Commits on Oct 25, 2021

  1. Add signing key for Delaware DelVAX immunization records 

    Delaware appears to use Envision Technology's WebIZ platform [1] for
tracking immunization records.

Key from https://smarthealthcard.iisregistry.net/delaware/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
1f3e96e5a653a0c7ef5c33b3a6f85282ce2605516bb9db9569e8c48e8d830857  jwks.json

(Found via the-commons-project/vci-directory#215.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    fcc0b32 View commit details
    Browse the repository at this point in the history

  2. Add signing key for Connecticut CT WiZ immunzation records 

    Connecticut appears to use Envision Technology's WebIZ platform [1] for
tracking immunization records.

Key from https://smarthealthcard.iisregistry.net/connecticut/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
4120c091b645e921943b9cf95285797741e60ae003d0df710fbfa7d861e59a7c  jwks.json

(Found via the-commons-project/vci-directory#222.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    478b118 View commit details
    Browse the repository at this point in the history

  3. Add signing key for Nevada WebIZ immunization records 

    Nevada appears to use Envision Technology's WebIZ platform [1] for
tracking immunization records.

Key from https://smarthealthcard.iisregistry.net/nevada/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
2f503c6a35c59e8426d202a4be136b60f89f00a733b2a976ba548711f964999c  jwks.json

(Found via the-commons-project/vci-directory#226.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    0ff2f21 View commit details
    Browse the repository at this point in the history

  4. Add signing key for New Mexico VaxViewNM immunization records 

    New Mexico appears to use Envision Technology's WebIZ platform [1] for
tracking immunization records.

Key from https://smarthealthcard.iisregistry.net/newmexico/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
29a5fa3373b91bc5154c8939813da6fae3b4ce7ab795e83b0e0b523b882062d0  jwks.json

(Found via the-commons-project/vci-directory#227.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    4dd29ed View commit details
    Browse the repository at this point in the history

  5. Add signing key for Oklahoma State Immunization Information System (O… 

    …SIIS) records

Oklahoma appears to use Envision Technology's WebIZ platform [1] for
tracking immunization records.

Key from https://smarthealthcard.iisregistry.net/oklahoma/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
6e842d2d805b90ec9211594f502f01217c2ddbefc61f9d15056e5043c594e600  jwks.json

(Found via the-commons-project/vci-directory#228.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    751689a View commit details
    Browse the repository at this point in the history

  6. Add signing key for CNMI Immunization Registry records 

    The Northern Mariana Islands appear to use Envision Technology's WebIZ
platform [1] for tracking immunization records.

Key from https://smarthealthcard.iisregistry.net/cnmi/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
9e701b6b4703ed83b36541c51e4317d04e50f3b1ad82344feb907ad6e30ea193  jwks.json

(Found via the-commons-project/vci-directory#229.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    78d5cf8 View commit details
    Browse the repository at this point in the history

  7. Add signing key for Guam Immunization Registry (GuWebIZ) records 

    Guam appears to use Envision Technology's WebIZ platform [1] for
tracking immunization records.

Key from https://smarthealthcard.iisregistry.net/guam/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
225040d69245b29d19ffb762184ce9ac592450042d962252cb810b95827598f4  jwks.json

(Found via the-commons-project/vci-directory#230.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    6a3ad43 View commit details
    Browse the repository at this point in the history

  8. Add signing key for Kentucky Immunization Registry records 

    Kentucky appears to use Envision Technology's WebIZ platform [1] for
tracking immunization records.

Keys from https://smarthealthcard.iisregistry.net/kentucky/issuer/.well-known/jwks.json:

$ sha256sum jwks.json
7be3f7da7e3b309d238a75c68cad8a4b9c4c835dcdcb56ad5f8624c14dc67e0b  jwks.json

(Found via the-commons-project/vci-directory#231.)

[1] https://envisiontechnology.com/products/
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    b4b4b01 View commit details
    Browse the repository at this point in the history

  9. Add signing key for Prince Edward Island PEIVaxPass Covid-19 vaccinat… 

    …ion record

Keys from https://pvcprod.gov.pe.ca/.well-known/jwks.json:

$ sha256sum jwks.json
67ebfe49451fc583c9c92bf9f75d480df5e63a1530a6b88009632c5809732e13  jwks.json

(Found via billylo1/covidpass@901c61d;
with thanks to the grassroots vaccine pass team (@grassroots_team on
Twitter)).
    @steven676
    steven676 committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    f972cf8 View commit details
    Browse the repository at this point in the history