EU Covid-19 Vaccine Certificate (Health Pass) QR Code Reader in Python 3

Image may be NSFW.
Clik here to view.

The EU health pass (or Covid-19 vaccine certificate) is a document that contains some information about you (essentially your name and date of birth) as well as your current vaccine status (number of doses) and a big QR code that gathers all data. Here is a small demo coded in Python 3 that scans the QR code of the EU vaccine certificate, decodes it and shows you the data hidden behind this QR code.

The demo works on Windows only because of the built-in webcam functions I used for scanning QR codes. If necessary, the demo can be updated later to bypass the webcam and scan the image of a QR code you dropped in. You will be able then to run the demo on Linux too.

Moreover, the full GeeXLab for Windows contains all Python3 packages required by the demo. Just download the full version of GeeXLab, unzip it, run GeeXLab and drop the QR code demo in GeeXLab. A serious webcam is also required. A webcam that can do a clear focus on very close objects like your health pass QR code (on your mobile phone or on paper). Some tries (on the button SCAN a QR Code) will be likely necessary to read the QR code.

The core of the QR code decoding step has been adapted from this source and can be summed up to this:

– the QR code is a string starting with HC1:
– the string following HC1: is base45 encoded.
– the decoded base45 string leads to zlib-compressed data.
– the decompression leads to a CBOR Web Token structure.

To decode the QR code, you need the following Python 3 packages:
– base45
– cbor2
– zlib
– pprint

base45 and cbor2 packages be installed using pip:

pip install base45
pip install cbor2

base45 and cbor2 are already shipped with the full version of GeeXLab so don’t worry about installing them.

zlib and pprint are shipped with Python 3.

Here is the decoding function of the demo you can find in the frame.py file:

def DecodeHealthPass(payload):
  # The HC1: prefix nust be removed before decoding.
  s = payload.replace("HC1:", "")

  # decode Base45
  b45payload = base45.b45decode(s)

  # decompress using zlib
  cbordata = zlib.decompress(b45payload)
  
  # load the CBOR structure
  decoded = cbor2.loads(cbordata)
  decoded_qrcode = cbor2.loads(decoded.value[2])

  # prepare the CBOR structure in a readable way (newlines are added). 
  decoded_qrcode_str = pprint.pformat(decoded_qrcode)
  return decoded_qrcode_str

 
The demo:
Image may be NSFW.
Clik here to view.

 
Here are the two steps to display the decoded QR code:

1/ click on SCAN a QR Code
This first step will show you the content (payload) of the QR code that must start with HC1: to be a valid health pass. You can now copy the payload to the clipboard if you need it.

2/ click on the Show decoded health pass button
This second step will decode the payload and display it in a small window. You can also copy to the clipboard the decoded health pass.

The decoded health pass contains information about the number of doses, the type of vaccin and its manufacturer. Here is a little help to decrypt these fields:

Field: ci --> "Unique Certificate Identifier, UVCI"
Field: co --> "Country of Test"
Field: is --> "Certificate Issuer"

Field: dob --> "Date of Birth, ISO 8601"

Field: dn --> "dose number"
Field: sd --> "Number of doses"

Field: mp  (medicinal product)
  EU/1/20/1528 --> Comirnaty
  EU/1/20/1507 --> COVID-19 Vaccine Moderna
  EU/1/21/1529 --> Vaxzevria
  EU/1/20/1525 --> COVID-19 Vaccine Janssen
 
Field: ma (vaccine manufacturer)
  ORG-100030215 --> Biontech Manufacturing GmbH
  ORG-100001699 --> AstraZeneca AB
  ORG-100001417 --> Janssen-Cilag International
  ORG-100031184 --> Moderna Biotech Spain S.L.
  ORG-100006270 --> Curevac AG

I added a PDF file in the demo folder that contains the specifications of the EU Covid-19 vaccine certificate.