dgc 0.0.4

A parser and validator for the EU Digital Green Certificate (dgc) a.k.a. greenpass
Documentation

dgc

Test codecov crates.io badge Documentation

A parser and validator for the EU Digital Green Certificate (dgc) a.k.a. greenpass 📲✅

  • Parses the text content of a European Digital Green Certificate (dgc or greenpass) and extract the embedded data
  • Uses a Trustlist of public keys and Elliptic Curve cryptography to be able to validate the signature of a given certificate
  • It offers a minimal and easy to use API
  • The certificate data can be easily serialized/deserialized for ease of testing and reporting
  • It embeds the official valueset so that internal IDs (diseases, result types, countries, testing authorities, etc.) can be easily expanded to their descriptive equivalents
  • It reports errors for all fallible operations minimising the opportunity for panicking
  • Offers utilities for easily populate a Trustlist from various types of keys and apis
  • It's tested against the official testing dataset

Current limitations:

  • It only supports EC signatures (see #2)
  • It does not support KID in the COSE unprotected header (see #1)

Usage

To install the latest version of dgc, add this to your Cargo.toml:

[dependencies]
dgc = "*"

Dgc in action

This library tries to address 2 main use cases:

1. Decode a certificate without validating its signature

let raw_certificate_data = "HC1:NCF:603A0T9WTWGSLKC..."; // all the raw certificate data (extracted from a QR code)
let certificate_container = dgc::decode(raw_certificate_data).expect("Cannot parse certificate data");
println!("{:#?}", certificate_container);

2. Decode a certificate and validate the signature against a trustlist

let raw_certificate_data = "HC1:NCF:603A0T9WTWGSLKC..."; // all the raw certificate data (extracted from a QR code)
// This is a X509 certificate that contains a Public Key
let signature_certificate = "MIIDujCCAaKgAwIBAgIIKUgZWBL1pnMw...";
// Key ID of the Public Key embedded in the certificate above
let key_id: Vec<u8> = vec![83, 155, 239, 7, 121, 54, 10, 62];

// We create a new Trustlist (container of "trusted" public keys)
let mut trustlist = dgc::TrustList::default();
// We add the public key in the certificate to the trustlist
trustlist
    .add_key_from_certificate(&key_id, signature_certificate)
    .expect("Failed to add key from certificate");

// Now we can validate the signature (this returns)
let (certificate_container, signature_validity) =
    dgc::validate(raw_certificate_data, &trustlist).expect("Cannot parse certificate data");

println!("{:#?}", &certificate_container);

// Checks the validity of the signature
match signature_validity {
    dgc::SignatureValidity::Valid => println!("The certificate signature is Valid!"),
    e => println!("Could not validate the signature: {}", e),
}

Other examples?

To get started using dgc, see the examples or the docs.

If you clone the repository locally, you can easily run the example files with:

cargo run --example <name of example file>

Contributing

Everyone is very welcome to contribute to this project. You can contribute just by submitting bugs or suggesting improvements by opening an issue on GitHub.

License

Licensed under MIT License. © Luciano Mammino.