Looking for an experienced developer to modify some existing open source apps (web and flutter) and add a printing function (see workflow below) also see this link for more information - [login to view URL]
Flutter: [login to view URL]
Web: [login to view URL] | [login to view URL]
All - [login to view URL]
High-level workflow: PLEASE READ EVERYTHING
1 - Scan QR pass
2 - Check validity -
- IF valid - run print command to a label printer (must support a couple) and print automatically, printing a custom layout
(must be editable) that consists of a logo and details captured from the QR code, like name, surname and a cutom status
- IF in-valid - print a custom message on screen
There are some considerations you should make when building your own verification apps:
Scanning the content of the QR code is the only way to confirm the pass has been issued by the Ministry of Health, and has not been tampered with.
Your verifier app can work offline after resolving the DID:WEB identifier and downloading a copy of the current public keys. Must check for updates frequently
Do NOT store any data of the scanned QR code, after printed data must be cleared!
Basic Verification steps
The specification contains a full summary of the steps required to verify an NZ COVID Pass. At a high level you should:
Decode the contents of the QR code, per the CWT standards (formal documentation TBC)
Check the iss field is an authorised issuer, based on the trusted issuers list.
Check the CWT header for the key id (kid) used to sign the pass. If not already cached, download the latest list of public keys by resolving the DID:WEB identifer in the iss field.
Confirm the digital signature is valid, using the resolved public key and CWT process
Confirm the exp date is in the future
Confirm the nbf date is in the past
Confirm the version number is above the minimum published and accepted version
Display the name/dob details for the human verifier to check, or check these against an existing identity record
QR Code structure
The QR code is assembled using existing open specifications.
Underlying data model based on W3C Verifiable Credentials
Each pass has an expiry date (exp) and not before date (nbf)
Issuer uses DID:WEB identifiers to resolve the public key used to verify the pass digital signature.
CBOR Web Token (CWT) is the cryptographic structure used to represent claims in the pass, which uses Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE). CWT is derived from JSON Web Token (JWTs), but is more compact.
ECDSA with P-256 for the digital signature algorithm
Base32 encoding of CWT into QR code in Alphanumeric mode, using a prefix of NZCP:/ and a version number. Some manipulation of the Base32 may be required when decoding.
The specification has full examples of the QR code and a worked example for how to decode it in the examples section.
Everything has already been done, have a look at the GIT files and example sites that have been built here [login to view URL] - more specifically the ones listed below.