COVID-19 vaccination record / certificates

Forums › Health and fitness › COVID-19 vaccination record / certificates

1 | ... | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | ... | 42

597 posts

Ultimate Geek
+1 received by user: 143

Subscriber

#2815202 18-Nov-2021 12:36

Oblivian:

As I said, But that will be in the same vain as holding/sharing a piece of paper with one on it or a screenshot.

Since you haven't actually installed it yet. You likely won't realise why I mentioned it...

It requires biometric to reveal it. And has an active button at the bottom to identify details of the code and who issued it. Something a bit of paper and a screenshot can't.

If a manned check was in progress. Official wallet version isn't as easy exploited in that measure.

Already said above but that should not be trusted without verification. I have no doubt someone is already making a fake app that can be side loaded that will emulate the look entirely.

The important part of the covid passport system is the NZCP stored within the QR Code and the verification of this code. In order to fake a NZCP code and have it validate successfully you will need the signing key. Which as has also already been mentioned if this does leak the MOH can kill the signing key.

Geoff E

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#2815204 18-Nov-2021 12:42

Other tin foilers won't, but I'm not against membership (gym etc) having my face on a system and a custom self validation.

Walk up to scanner and monitor. Blip.. noise for validation. Pic lookup of my id/image staff facing

Save time of manual licence checks against it.
Though it poses an issue for single buyer's of multiple event tickets

kiwiharry

1064 posts

Uber Geek
+1 received by user: 476

ID Verified

Subscriber

#2815209 18-Nov-2021 12:55

I downloaded my pass yesterday.

So helping my older brother online a short time ago trying to get his pass added to his GPay Wallet. I decided to step through the entire process with him so I logged in and requested pass again. I took it all the way to the Add to Device prompt, but I purpously didn't add it. I then noticed my pass from yesterday had vanished from my homescreen. I clicked on link again in email and added it back in. Then noticed the exipry date update itself to 6 months from today so 18/05/22. It was 17/05/22.

I then ended up with 2 x passes in my GPay Wallet, each with a diferent expiry.

Is that a bug or is that how we renew before it expires?

If you can't laugh at yourself then you probably shouldn't laugh at others.

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#2815210 18-Nov-2021 12:59

There's a transparent policy reporting email for stuff like that..

mentalinc

3385 posts

Uber Geek
+1 received by user: 1025

Trusted

#2815211 18-Nov-2021 12:59

Technically it should revoke the older pass and it no longer validate?

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2815214 18-Nov-2021 13:01

mentalinc:

Technically it should revoke the older pass and it no longer validate?

There is no process to invalidate passes since it is all offline and there is no CRL/OCSP capability as then the potential would be that you were being tracked by the government.

That was why the pass was kept to 6 months to keep things simple.

New World

Shop on-line at New World now for your groceries (affiliate link).

DS248

1702 posts

Uber Geek
+1 received by user: 771

Lifetime subscriber

#2815221 18-Nov-2021 13:23

JPNZ:

Whats the likelihood that boosters WILL be required in 6 months time when you need to apply for another vaccine certificate?

Quite likely - it's a moving target. As already starting to occur is some other countries as discussed in the CNN article below

https://edition.cnn.com/2021/11/17/world/coronavirus-newsletter-intl-17-11-21/index.html

"The definition of 'fully vaccinated' is changing to three Covid-19 doses"

FineWine

3115 posts

Uber Geek
+1 received by user: 2447

Trusted

Nurse (R)

Lifetime subscriber

#2815225 18-Nov-2021 13:27

Popped over to my elderly (mid 80's) inlaws yesterday to update their macOS. I took my paper vaccine pass & iPhone wallet pass to show them. They don't have mobile phones and only use their iMac for Skype, email & games. I had just started to show them the passes and say I will register them, when they said "all done". They had rung the 0800 222 478 which was in the paper. Got straight through. Their printed passes will be in the mail in a few days.

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

jamesrt

1668 posts

Uber Geek
+1 received by user: 948

ID Verified

Trusted

Lifetime subscriber

#2815302 18-Nov-2021 13:51

As an experiment, I tried to "add" (scan) the QR Code from the official PDF into Stocard; the app scanned the code, and it does use that to generate a QR code-based "card", and the QR Code does look very similar to the naked eye.

However when selecting that card, you just get ONLY the QR code - none of the other detail that is displayed in the Google Wallet (name, valid/expiry dates, etc) are shown - so whilst it may TECHNICALLY work, I'd imagine you'd get a lot of suspicious looks if you actually tried to use that out in the real world; because the whole thing is so visually different...

mentalinc

3385 posts

Uber Geek
+1 received by user: 1025

Trusted

#2815303 18-Nov-2021 13:53

But all the other bits are stored in the QR code...
So person validating can ask to see what they see on their validator app if wanting ID?

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

geocom

597 posts

Ultimate Geek
+1 received by user: 143

Subscriber

#2815306 18-Nov-2021 13:57

mentalinc:

But all the other bits are stored in the QR code...
So person validating can ask to see what they see on their validator app if wanting ID?

Would need to be another form of ID(unless you know who the person is) otherwise you could just use someone else's passport.

Geoff E

Dell

Shop now for Dell laptops and other devices (affiliate link).

wellygary

8816 posts

Uber Geek
+1 received by user: 5300

#2815310 18-Nov-2021 14:00

jamesrt:

As an experiment, I tried to "add" (scan) the QR Code from the official PDF into Stocard; the app scanned the code, and it does use that to generate a QR code-based "card", and the QR Code does look very similar to the naked eye.

However when selecting that card, you just get ONLY the QR code - none of the other detail that is displayed in the Google Wallet (name, valid/expiry dates, etc) are shown - so whilst it may TECHNICALLY work, I'd imagine you'd get a lot of suspicious looks if you actually tried to use that out in the real world; because the whole thing is so visually different...

Pretty sure that the name, valid/expiry dates, etc are embedded in the QR code also

The scanner sees that info from within the code, -

Its basically so they can look at you are say.... how old are you?... when were you born ?.. as a verification.. but in reality they are only gonna look for the green tick from the scanner,

I doubt anyone will care what the rest looks like... there are gonna be people with all sorts of bits of paper, laminated codes etc ,...

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2815312 18-Nov-2021 14:01

jamesrt:

As an experiment, I tried to "add" (scan) the QR Code from the official PDF into Stocard; the app scanned the code, and it does use that to generate a QR code-based "card", and the QR Code does look very similar to the naked eye.

However when selecting that card, you just get ONLY the QR code - none of the other detail that is displayed in the Google Wallet (name, valid/expiry dates, etc) are shown - so whilst it may TECHNICALLY work, I'd imagine you'd get a lot of suspicious looks if you actually tried to use that out in the real world; because the whole thing is so visually different..

The data in the QR code is a CWT or COBE signed JWT. So if you read the spec you will see your code will be something like:

NZCP:/1/2KCEVIQEIVVWK6JNGEASN.....

And the value after /1/ is a Base32 encoded object that requires padding first to decode, then the CWT decoder to decode and validate the object is signed. So any QR decoders in "standard" wallets apps will decode it as the above.

evilengineer

466 posts

Ultimate Geek
+1 received by user: 367

#2815320 18-Nov-2021 14:20

dan:

that was not a smooth experience on my devices

failed to add on my Galaxy Note to the Pay App

-solution copy the link in the email and paste it into the chrome browser (was using firebox as default) then it finally added

Huawei P30 trying to add it sticks you in a browser loop where you cannot click "accept" it redirects to quickly before you can click it

-solution is to switch to the pay app manually after entering your phone password, and click accept

Man, that was a total mess!

I've just spent a good hour plus fighting with the Gpay link in the vaccine pass email, phone settings and the Google Pay app itself.

The link in the email flat out does not like Firefox!

Worked straight away when pasted into Chrome.

richms

29107 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#2815325 18-Nov-2021 14:31

Done 3 more people at work, 2 iphones and one android. Absolutely no issues at all, added straight into the wallet on iphone and google pay for android when opening the link from the email. Only saw one too many requests prompt thru the whole process. I would say they have done an excellent job with this.

Richard rich.ms

1 | ... | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | ... | 42