Only send the manifest.json to the server for signing and assemble the pass locally about covidpass HOT 3 CLOSED

@KhaosT Thank you for your contribution! I looked into this and found some things to consider here.

If we only check the manifest.json, in theory everyone could generate any Apple Wallet pass. A modified trademark of the pass is prohibited by Apple and could lead to the revocation of my Apple Developer Certificate. See this excerpt from the Apple Developer Agreement.

To preserve the trademark, I suggest checking against the icon/logo hash on the server side. In order to preserve other static content of the pass, we would have to modify the structure of the pkpass file in some way, e.g by adding a json file of which we again check the hash on the server.

Another concern is that we do not verify the validity of the created vaccination certificate at the moment. This is something we would also have to do on the server and need the QR Code data for I believe. See this issue.

The best compromise would be to have the user opt in to validate the pass. In this case, the data would be sent to the server for validation and pass generation. If they opt out however, we would generate the pass in the browser and only check against the trademark and some static content if possible (e.g. a visible hint that the certificate may be invalid).

I am looking forward to your and the others ideas on this.

from covidpass.

To preserve the trademark, I suggest checking against the icon/logo hash on the server side.

I pushed it in this configuration now.

from covidpass.

Hi,

we transitioned the frontend to the new API written in C#.

The frontend generates the whole pass and only send the hashed pass.json to the server. This also includes the information about color because the icon hashes are different (either black or white icons).

from covidpass.