Annotation

As ordinarily, I'one thousand updating the post with more information as before long as I have admission to the said data. Things might modify. Some keys got leaked or someone has access to the portal and tin issue certificates for bogus people. Or maybe it's a glitch in the Matrix. Stay tuned!

Also, remember there are no private keys here and there will never be. We wouldn't desire some other takedown request against me, wouldn't nosotros? I already accept a friend, that bald guy, what's his name … Biff Jizzos or something. I don't need more.

Plain, the private keys used to sign the Eu Digital Covid-19 (GreenPass) certificates were leaked today.

That, or Adolf Hitler just got ii doses of the Pfizer vaccine. He has been granted now access to all indoor events that are off-limits to the people that were not vaccinated. I am joking simply I am not joking.

Let's inspect.

Updates

  • North Republic of macedonia 20.71.89.119/pinga.health (now redirects to vakcinacija.mk), signs certificates with the key id KjE8h58xh7A=, revoked on many European union apps.
  • Vietnam 171.244.0.200/ca.gov.vn, signs certificates with the key id Pux04KboTfM=, does non validate on whatever EU apps.
  • Laos 157.119.181.234/sbg.la, signs certificates with the cardinal id b7MB9vonnYs=, does not validate on any Eu apps.
  • Germany 138.68.76.73/app.pin.health, dev-alex.pin.health, dev-ann.pin.health, stage.pin.health (a testing app that simply has the frontend and no backend, which means it does not issue any certificates)
  • Uruguay 179.27.123.237/lacpass-uy.racsel.org (credentials here), signs certificates with the key id zqxM0w3JrYc=, does not validate on any European union apps.

Wow. So far it looks like no private cardinal was leaked just someone got access to one or more unsecured DGCA issuance web panels and tin can issue certificates signed with the Due north Republic of macedonia'southward key. N Macedonia's DGCA issuance portal got exposed and taken down by the regime, presumably.

Looks as if Poland's DGCA issuance portal has some issues too?

We can at present sympathise that it is non possible to emit certificates just by cloning the data because every bit already said they would not be validated. All the same the Open Source Code gives the states a general view of the process, nosotros can very understand that the weak ring is in the initial part of the data entry procedure of DGCA-ISSUER-Web Green Bypass

Taking another close look at the initial 4chan mail image, the two strings at the superlative are easily identifiable. Both "Record vaccination certification" and "Please query with ID Card!" strings are from this file in the eu-digital-green-certificates/dgca-issuance-web GitHub repo.

A bulletin (mirror image) on the RaidForums board, could exist faux, could be not fake. Some other mail service appeared on RaidForums, posted past someone that goes by the proper noun hronkis (Хронкис). Доктор Хронкис has a Telegram channel where he sells some stuff and what I noticed is that the colour of the brush (and style) in this channel post is very similar to the ane in the initial 4chan post. Make what you want of it.

            End bullshit! do you lot desire private keys? This word got fucked up towards postal service 52 when y'all tasted the jam.  Straight to the point, we take the private keys.  User @lolcol is the only ane who has hit the point and this word is filled with idiots.  Indicate two, we want to release them. Point three we want a reliable administrator and members to moderate this discussion.  I think that in this discussion there are a maximum of 5 people who understand what we are sitting on and the impact it tin can accept, nosotros have commercial proposals, but we don't want money we want to fuck EU.  I provide evidence of what I am proverb, evidence, not bullshit. Someone with a few stars on the chest of this forum contact me. Nosotros will practice a tiresome release, we will brand a public proposal towards EU, if they do not step back we publish only outset we want to testify y'all a couple of arguments. We can movement to another thread I don't want idiots to write their opinion, you are entitled to your informed opinion not bullshit. Hacking groups, activists, bright minds are welcome. We offer leaks because this consequence is getting too large and we have made enough money. But let's talk over what comes side by side ...

"but we don't want money we want to fuck EU."

Speculation

More information in the official repo. All certificates signed with the leaked key(due south) will need to be reissued, what a mess.

I guess there are two possibilities:

  • The keys are concur in HSMs and they were not leaked merely somebody found a cool style to convince the sistem into signing forged data.
  • Somebody had access to the keys and simply exposed some/all (?) of them.

I even so believe it's the start merely I wouldn't bet a finger on that it'due south not the second selection.

Based on an image leaked on 4chan (of grade), somebody seems to have access to the portal. Because that'south how you become Spongebob Squarepants from UK, Joe Mama from Zimbabwe and of class, our erstwhile friend Adolf Hitler from Austria vaccinated. Keep in mind that all the three certificates seem to be signed with North Macedonia's key, KjE8h58xh7A=.

There's a missed advert opportunity here: Fifty-fifty Adolf Hitler got the vaccine, what are you waiting for?! Or the people that are confronting the vaccine could say: Adolf Hitler got the vaccine and look where that got him!

Yes, I am joking, don't get offended.

One

            HC1:6BFOXN%TSMAHN-H3YS1IK47ES6IXJR4E47X5*T917VF+UOGIS1RYZV:X9:IMJZTCV4*XUA2PSGH.+H$NI4L6HUC%UG/YL WO*Z7ON13:LHNG7H8H%BFP8FG4T 9OKGUXI$NIUZUK*RIMI4UUIMI.J9WVHWVH+ZEOV1AT1HRI2UHD4TR/S09T./08H0AT1EYHEQMIE9WT0K3M9UVZSVV*001HW%8UE9.955B9-NT0 ii$$0X4PCY0+-CVYCRMTB*05*9O%0HJP7NVDEBO584DKH78$ZJ*DJWP42W5P0QMO6C8PL353X7H1RU0P48PCA7T5MCH5:ZJ::AKU2UM97H98$QP3R8BH9LV3*O-+DV8QJHHY4I4GWU-LU7T9.V+ T%UNUWUG+Grand.1KG%VWE94%ALU47$71MFZJU*HFW.6$X50*MSYOJT1MR96/1Z%FV3O-0RW/Q.GMCQS%NE                      
                          {              "1"              :              "CNAM"              ,              "4"              :              1697234400              ,              "6"              :              1635199742              ,              "-260"              :              {              "1"              :              {              "5"              :              [              {              "ci"              :              "URN:UVCI:01:FR:T5DWTJYS4ZR8#4"              ,              "co"              :              "FR"              ,              "dn"              :              2              ,              "dt"              :              "2021-ten-01"              ,              "is"              :              "CNAM"              ,              "ma"              :              "ORG-100030215"              ,              "mp"              :              "Eu/1/20/1528"              ,              "sd"              :              2              ,              "tg"              :              "840539006"              ,              "vp"              :              "J07BX03"              }              ],              "dob"              :              "1900-01-01"              ,              "nam"              :              {              "fn"              :              "HITLER"              ,              "gn"              :              "ADOLF"              ,              "fnt"              :              "HITLER"              ,              "gnt"              :              "ADOLF"              },              "ver"              :              "1.3.0"              }              }              }

Ii

            HC1:6BFOX141AZPOPS30OU TSUO9-Q1CO9IIE *Five%DTBQ98PTSAJ+3R. G9UFNUDSTESCSA24/E02BNT84/L8PW1F-9ZPU.C4YVA3JK3/NITT9ES2:0P04R-T-P77SB*Z9C5O R2V/FFPKYJIBM98TG+APC:Due east:*BAETT75XE36N4.PF30PC3LU+KYLNKZ2E7DZXG0CPL+viii/N36FHRICSGEKP1X9GSQ79CGCTVYRCLQ7Q.K.J2%8VSR9YA8 16.24W79O44AA2X$IRC5EV42C4GVGX621A0YTUNXKPPOSUKHJAB32L5AP67RVOXTNBUTPZQJ9B1H71+4KUVKLLZ+64DMO964C4XIMBZG.OJZHB60QYU3:.J5SI%U0GFRYRRXKDLP9/GRM$58SE+VGI1N-BI%0Q%PNUO9A00854P%Q3X2-S5XLQ2X3JQUOEV:9W8DRGNUHBR:.NZENY*3JC0.O6 65O.R4%5R03K+A0HCD-S-IF-V7D$VD-N$CS9OU7FP4ZF-07DUSRLQ9LT:8DWUE                      
                          {              "ane"              :              "PL"              ,              "4"              :              1685101990              ,              "half-dozen"              :              1635098906              ,              "-260"              :              {              "1"              :              {              "v"              :              [              {              "dn"              :              1              ,              "ma"              :              "ORG-100001417"              ,              "vp"              :              "J07BX03"              ,              "dt"              :              "2021-07-xi"              ,              "co"              :              "PL"              ,              "ci"              :              "URN:UVCI:01:PL:1/AF2AA5873FAF45DFA826B8A01237BDC4"              ,              "mp"              :              "European union/1/20/1525"              ,              "is"              :              "Centrum e-Zdrowia"              ,              "sd"              :              ane              ,              "tg"              :              "840539006"              }              ],              "nam"              :              {              "fnt"              :              "HITLER"              ,              "fn"              :              "Hitler"              ,              "gnt"              :              "ADOLF"              ,              "gn"              :              "Adolf"              },              "ver"              :              "1.0.0"              ,              "dob"              :              "1930-01-01"              }              }              }

Three

            HC1:6BFOXN%TSMAHN-H3YS1IK47ES6IXJR4E47X5*T917VF+UOGIS1RYZV:X9RLMSV9 NI4EFSYS:%OD3PYE9*FJ9QMQC8$.AIGCY0K5$0V-AVB85PSHDCR.9K%47IG$+9OPPYE97NVA.D9B92FF9B9LW4G%89-85QNC%05$0VD9%.OMRE/IE%TE6UGYGGCY0$2P0GB*$K8KG+9RR$F+ F%J00N89M40%KLR2A KZ*U0I1-I0*OC6H0/VMNPM/UESJ0A5L5M0G+SI*VSDKPZ0CN62XEAW1 WUQRELS4J1TZWV63HUTN /K9:KFKF+SF3*86AL3*IC%OYZQ5I9 LG/HLIJLKNF8JF172QDRB2C3OUW3IQ6RYMKHDV4*F -IMBCJIO%OA8EV/G3L-NG:2EQB*:C8FFIVT:1QI 8NIMW:BW$Past$M/+8%RFV8C3LVZ:2T+8IQ9LF8I66WWD                      
                          {              "one"              :              "CNAM"              ,              "4"              :              1697234400              ,              "6"              :              1635333648              ,              "-260"              :              {              "1"              :              {              "v"              :              [              {              "ci"              :              "URN:UVCI:01:FR:W7V2BE46QSBJ#L"              ,              "co"              :              "FR"              ,              "dn"              :              two              ,              "dt"              :              "2021-x-01"              ,              "is"              :              "CNAM"              ,              "ma"              :              "ORG-100030215"              ,              "mp"              :              "European union/1/20/1528"              ,              "sd"              :              ii              ,              "tg"              :              "840539006"              ,              "vp"              :              "J07BX03"              }              ],              "dob"              :              "2001-12-31"              ,              "nam"              :              {              "fn"              :              "MOUSE"              ,              "gn"              :              "MICKEY"              ,              "fnt"              :              "MOUSE"              ,              "gnt"              :              "MICKEY"              },              "ver"              :              "1.three.0"              }              }              }

Feel costless to scan the QR codes higher up with your official awarding (for example, the Austrian, Estonian or Finnish apps). Or apply my tool for it.

  • Listing of all public keys
  • Green Bypass 2.0
  • Generate certificates (simply you volition still need the private key)
  • SE Digital Covid Certificate Trust Indicate
  • RaidForums thread
  • GitHub word