Private keys used to sign the EU Digital Covid-19 certificate possibly leaked
Note
As usually, I’m updating the post with more information as soon as I have access to the said information. Things might change. Some keys got leaked or someone has access to the portal and can issue certificates for bogus people. Or maybe it’s a glitch in the Matrix. Stay tuned!
Also, remember there are no private keys here and there will never be. We wouldn’t want another takedown request against me, wouldn’t we? I already have a friend, that bald guy, what’s his name … Biff Jizzos or something. I don’t need more.
That, or Adolf Hitler just got two doses of the Pfizer vaccine. He has been granted now access to all indoor events that are off-limits to the people that were not vaccinated. I am joking but I am not joking.
Let’s inspect.
Updates
- North Macedonia 20.71.89.119/
pinga.health(now redirects tovakcinacija.mk), signs certificates with the key idKjE8h58xh7A=, revoked on many EU apps. - Vietnam 171.244.0.200/
ca.gov.vn, signs certificates with the key idPux04KboTfM=, does not validate on any EU apps. - Laos 157.119.181.234/
sbg.la, signs certificates with the key idb7MB9vonnYs=, does not validate on any EU apps. - Germany 138.68.76.73/
app.pin.health,dev-alex.pin.health,dev-ann.pin.health,stage.pin.health(a testing app that only has the frontend and no backend, which means it does not issue any certificates) - Uruguay 179.27.123.237/
lacpass-uy.racsel.org(credentials here), signs certificates with the key idzqxM0w3JrYc=, does not validate on any EU apps.
Wow. So far it looks like no private key was leaked but someone got access to one or more unsecured DGCA issuance web panels and can issue certificates signed with the North Macedonia’s key. North Macedonia’s DGCA issuance portal got exposed and taken down by the authorities, presumably.
Looks as if Poland’s DGCA issuance portal has some issues too?
We can now understand that it is not possible to emit certificates simply by cloning the data because as already said they would not be validated. However the Open Source Code gives us a general view of the process, we can very understand that the weak ring is in the initial part of the data entry procedure of DGCA-ISSUER-WEB Green Bypass
Taking another close look at the initial 4chan post image, the two strings at the top are easily identifiable. Both "Record vaccination certification" and "Please query with ID Card!" strings are from this file in the eu-digital-green-certificates/dgca-issuance-web GitHub repo.
A message (mirror image) on the RaidForums board, could be fake, could be not fake. Another post appeared on RaidForums, posted by someone that goes by the name hronkis (Хронкис). Доктор Хронкис has a Telegram channel where he sells some stuff and what I noticed is that the color of the brush (and style) in this channel post is very similar to the one in the initial 4chan post. Make what you want of it.
Stop bullshit! do you want private keys?
This discussion got fucked up towards post 52 when you tasted the jam.
Straight to the point, we have the private keys.
User @lolcol is the only one who has hit the point and this discussion is filled with idiots.
Point two, we want to release them.
Point three we want a reliable administrator and members to moderate this discussion.
I think that in this discussion there are a maximum of 5 people who understand what we are sitting on and the impact it can have,
we have commercial proposals, but we don't want money we want to fuck EU.
I provide evidence of what I am saying, evidence, not bullshit.
Someone with a few stars on the chest of this forum contact me.
We will do a slow release, we will make a public proposal towards EU, if they do not step back we publish but first we want to show you a couple of arguments.
We can move to another thread I don't want idiots to write their opinion, you are entitled to your informed opinion not bullshit.
Hacking groups, activists, brilliant minds are welcome.
We offer leaks because this issue is getting too big and we have made enough money.
But let's discuss what comes next ...
“but we don’t want money we want to fuck EU.”
Speculation
More information in the official repo. All certificates signed with the leaked key(s) will need to be reissued, what a mess.
I guess there are two possibilities:
- The keys are hold in HSMs and they were not leaked but somebody found a cool way to convince the sistem into signing forged data.
- Somebody had access to the keys and just exposed some/all (?) of them.
I still believe it’s the first but I wouldn’t bet a finger on that it’s not the second option.
Based on an image leaked on 4chan (of course), somebody seems to have access to the portal. Because that’s how you get Spongebob Squarepants from UK, Joe Mama from Zimbabwe and of course, our old friend Adolf Hitler from Austria vaccinated. Keep in mind that all the three certificates seem to be signed with North Macedonia’s key, KjE8h58xh7A=.
There’s a missed advertising opportunity here: Even Adolf Hitler got the vaccine, what are you waiting for?! Or the people that are against the vaccine could say: Adolf Hitler got the vaccine and look where that got him!
Yes, I am joking, don’t get offended.
One
HC1:6BFOXN%TSMAHN-H3YS1IK47ES6IXJR4E47X5*T917VF+UOGIS1RYZV:X9:IMJZTCV4*XUA2PSGH.+H$NI4L6HUC%UG/YL WO*Z7ON13:LHNG7H8H%BFP8FG4T 9OKGUXI$NIUZUK*RIMI4UUIMI.J9WVHWVH+ZEOV1AT1HRI2UHD4TR/S09T./08H0AT1EYHEQMIE9WT0K3M9UVZSVV*001HW%8UE9.955B9-NT0 2$$0X4PCY0+-CVYCRMTB*05*9O%0HJP7NVDEBO584DKH78$ZJ*DJWP42W5P0QMO6C8PL353X7H1RU0P48PCA7T5MCH5:ZJ::AKU2UM97H98$QP3R8BH9LV3*O-+DV8QJHHY4I4GWU-LU7T9.V+ T%UNUWUG+M.1KG%VWE94%ALU47$71MFZJU*HFW.6$X50*MSYOJT1MR96/1Z%FV3O-0RW/Q.GMCQS%NE
{
"1": "CNAM",
"4": 1697234400,
"6": 1635199742,
"-260": {
"1": {
"v": [
{
"ci": "URN:UVCI:01:FR:T5DWTJYS4ZR8#4",
"co": "FR",
"dn": 2,
"dt": "2021-10-01",
"is": "CNAM",
"ma": "ORG-100030215",
"mp": "EU/1/20/1528",
"sd": 2,
"tg": "840539006",
"vp": "J07BX03"
}
],
"dob": "1900-01-01",
"nam": {
"fn": "HITLER",
"gn": "ADOLF",
"fnt": "HITLER",
"gnt": "ADOLF"
},
"ver": "1.3.0"
}
}
}
Two
HC1:6BFOX141AZPOPS30OU TSUO9-Q1CO9IIE *V%DTBQ98PTSAJ+3R. G9UFNUDSTESCSA24/E02BNT84/L8PW1F-9ZPU.C4YVA3JK3/NITT9ES2:0P04R-T-P77SB*Z9C5O R2V/FFPKYJIBM98TG+APC:E:*BAETT75XE36N4.PF30PC3LU+KYLNKZ2E7DZXG0CPL+8/N36FHRICSGEKP1X9GSQ79CGCTVYRCLQ7Q.K.J2%8VSR9YA8 16.24W79O44AA2X$IRC5EV42C4GVGX621A0YTUNXKPPOSUKHJAB32L5AP67RVOXTNBUTPZQJ9B1H71+4KUVKLLZ+64DMO964C4XIMBZG.OJZHB60QYU3:.J5SI%U0GFRYRRXKDLP9/GRM$58SE+VGI1N-BI%0Q%PNUO9A00854P%Q3X2-S5XLQ2X3JQUOEV:9W8DRGNUHBR:.NZENY*3JC0.O6 65O.R4%5R03K+A0HCD-S-IF-V7D$VD-N$CS9OU7FP4ZF-07DUSRLQ9LT:8DWUE
{
"1": "PL",
"4": 1685101990,
"6": 1635098906,
"-260": {
"1": {
"v": [
{
"dn": 1,
"ma": "ORG-100001417",
"vp": "J07BX03",
"dt": "2021-07-11",
"co": "PL",
"ci": "URN:UVCI:01:PL:1/AF2AA5873FAF45DFA826B8A01237BDC4",
"mp": "EU/1/20/1525",
"is": "Centrum e-Zdrowia",
"sd": 1,
"tg": "840539006"
}
],
"nam": {
"fnt": "HITLER",
"fn": "Hitler",
"gnt": "ADOLF",
"gn": "Adolf"
},
"ver": "1.0.0",
"dob": "1930-01-01"
}
}
}
Three
HC1:6BFOXN%TSMAHN-H3YS1IK47ES6IXJR4E47X5*T917VF+UOGIS1RYZV:X9RLMSV9 NI4EFSYS:%OD3PYE9*FJ9QMQC8$.AIGCY0K5$0V-AVB85PSHDCR.9K%47IG$+9OPPYE97NVA.D9B92FF9B9LW4G%89-85QNC%05$0VD9%.OMRE/IE%TE6UGYGGCY0$2P0GB*$K8KG+9RR$F+ F%J00N89M40%KLR2A KZ*U0I1-I0*OC6H0/VMNPM/UESJ0A5L5M0G+SI*VSDKPZ0CN62XEAW1 WUQRELS4J1TZWV63HUTN /K9:KFKF+SF3*86AL3*IC%OYZQ5I9 LG/HLIJLKNF8JF172QDRB2C3OUW3IQ6RYMKHDV4*F -IMBCJIO%OA8EV/G3L-NG:2EQB*:C8FFIVT:1QI 8NIMW:BW$BY$M/+8%RFV8C3LVZ:2T+8IQ9LF8I66WWD
{
"1": "CNAM",
"4": 1697234400,
"6": 1635333648,
"-260": {
"1": {
"v": [
{
"ci": "URN:UVCI:01:FR:W7V2BE46QSBJ#L",
"co": "FR",
"dn": 2,
"dt": "2021-10-01",
"is": "CNAM",
"ma": "ORG-100030215",
"mp": "EU/1/20/1528",
"sd": 2,
"tg": "840539006",
"vp": "J07BX03"
}
],
"dob": "2001-12-31",
"nam": {
"fn": "MOUSE",
"gn": "MICKEY",
"fnt": "MOUSE",
"gnt": "MICKEY"
},
"ver": "1.3.0"
}
}
}
Feel free to scan the QR codes above with your official application (for example, the Austrian, Estonian or Finnish apps). Or use my tool for it.
Links
- List of all public keys
- Green Bypass 2.0
- Generate certificates (but you will still need the private key)
- SE Digital Covid Certificate Trust Point
- RaidForums thread
- GitHub discussion