A Electronic Health Certificate contains health information (vaccinations, test results, recovery statements) about a specific person (subject). The information is electronically signed by the issuer (e.g. a country). It also contains information about issuing country, signing key identifier, time of issuing and expiration time.
The initial specification defines two transport encodings:
-
Raw is used in APIs and contains a "CBOR Web Token" (CWT) as defined in RFC 8392. It is used mainly by APIs, but could also be used for binary transports like NFC and BLE.
-
Barcode is used for mobile apps and paper and contains a Base45 encoded compressed CWT. This encoding is not be used outside the optical transport context, and should be decoded and decompressed after scanning.
In order to verify a Health Certificate, the following components are required:
- A health certificate (normally scanned from Aztec or QR)
- A list of trusted signing keys together with issuer information
- A validation policy describing whether a health certificate is acceptable or not
- Scan and decode
- Scan optical code (Aztec or QR)
- Check for leading "HC1" preamble
- Decode remaining payload (including spaces) using Base45
- Decompress decoded data (the decoded data includes a compression header)
- Check CWT
- Parse decompressed data as a CWT
- Verify CWT against all trusted keys (using kid from CWT protected as hint)
- Find issuer metadata in list of trusted keys
- Check CWT claims (
iat/exp)
- Extract CWT
hcertclaim - Check Health Certificate payload
- Match Health Certificate subject with physical person (identity check)
- Evaluate Health Certificate (vaccination, test results, recovery statement)
This document was originally authored by jschlyter in the github wiki and was moved to the main github repository by the team to ensure that it is properly archived.