Python implementation of the Corona-Warn-App (CWA) Event Registration
This is an implementation of the Protocol used to generate event and location QR codes for the Corona-Warn-App (CWA) as described in Corona-Warn-App: Documentation – Event Registration - Summary.
This is not an official implementation – use it at your own risk (as far as that's possible, these days…).
State
The Interface described in the Document is implemented, the undocumented pieces (Public Key Value, Seed Length, Versions etc.) have been taken from the Open Source iOS Client Application. As far as I know the interface has been fully implemented, but without an actual positive Corona Test there is no way to do an End-to-End verification.
Usage
Use as follows:
#!/usr/bin/env python3
import io
from datetime import datetime, time, timezone
import cwa_qr
import qrcode.image.svg
# Construct Event-Descriptor
event_description = cwa_qr.CwaEventDescription()
event_description.location_description = 'Zuhause'
event_description.location_address = 'Gau-Odernheim'
event_description.start_date_time = datetime(2021, 4, 25, 8, 0).astimezone(timezone.utc)
event_description.end_date_time = datetime(2021, 4, 25, 18, 0).astimezone(timezone.utc)
event_description.location_type = cwa_qr.lowlevel.LOCATION_TYPE_PERMANENT_WORKPLACE
event_description.default_check_in_length_in_minutes = 4 * 60
# Renew QR-Code every night at 4:00
event_description.seed = cwa_qr.rollover_date(datetime.now(), time(4, 0))
# Generate QR-Code
qr = cwa_qr.generate_qr_code(event_description)
# Render QR-Code to PNG-File
img = qr.make_image(fill_color="black", back_color="white")
img.save('example.png')
print("generated example.png")
# Render QR-Code to PNG BytesIO-Object for further usage
img_bytes = io.BytesIO()
img.save(img_bytes)
print(len(img_bytes.getvalue()), " bytes of png")
# Render QR-Code to SVG-File
svg = qr.make_image(image_factory=qrcode.image.svg.SvgPathFillImage)
svg.save('example.svg')
# Render QR-Code to SVG BytesIO-Object for further usage
svg_bytes = io.BytesIO()
svg.save(svg_bytes)
print(len(svg_bytes.getvalue()), " bytes of svg")
CwaEventDescription
location_description: Description of the Location, Optional, String, max 100 Characterslocation_address: Address of the Location, Optional, String, max 100 Charactersstart_date_time: Start of the Event, Optional, datetime in UTCend_date_time: End of the Event, Optional, datetime in UTC Caution, QR-Codes generated with different start/end times will have different Event-IDs and not warn users that have checked in with the other Code. Do not usedatetime.now()for start/end-date. For repeating Events usecwa_qr.rollover_dateto get a defined rollover.location_type: Type of the Location, Optional, one ofcwa.lowlevel.LOCATION_TYPE_UNSPECIFIED= 0cwa.lowlevel.LOCATION_TYPE_PERMANENT_OTHER= 1cwa.lowlevel.LOCATION_TYPE_TEMPORARY_OTHER= 2cwa.lowlevel.LOCATION_TYPE_PERMANENT_RETAIL= 3cwa.lowlevel.LOCATION_TYPE_PERMANENT_FOOD_SERVICE= 4cwa.lowlevel.LOCATION_TYPE_PERMANENT_CRAFT= 5cwa.lowlevel.LOCATION_TYPE_PERMANENT_WORKPLACE= 6cwa.lowlevel.LOCATION_TYPE_PERMANENT_EDUCATIONAL_INSTITUTION= 7cwa.lowlevel.LOCATION_TYPE_PERMANENT_PUBLIC_BUILDING= 8cwa.lowlevel.LOCATION_TYPE_TEMPORARY_CULTURAL_EVENT= 9cwa.lowlevel.LOCATION_TYPE_TEMPORARY_CLUB_ACTIVITY= 10cwa.lowlevel.LOCATION_TYPE_TEMPORARY_PRIVATE_EVENT= 11cwa.lowlevel.LOCATION_TYPE_TEMPORARY_WORSHIP_SERVICE= 12
default_check_in_length_in_minutes: Default Check-out time in minutes, Optionalseed: Seed to rotate the QR-Code, Optional,[str, bytes, int, float, date, datetime]orNone(Default). Use with caution & read below! If unsure, leave blank.
Rotating QR-Codes
From the Documentation:
Profiling of Venues
An adversary can collect this information for a single venue by scanning the QR code and extracting and storing the data. To mitigate the risk, CWA encourages owners to regularly generate new QR codes for their venues. The more frequent QR codes are updated, the more difficult it is to keep a central database with venue data up-to-date. However, a new QR code should only be generated when no visitor is at the event or location, because visitors can only warn each other with the same QR code.
From an Application-Developers point of view, special care must be taken to decide if and when QR codes should be changed. A naive approach, i.e. changing the QR-Code on every call, would render the complete Warning-Chain totally useless without anyone noticing. Therefore, the Default of this Library as of 2021/04/26 is to not seed the QR-Codes with random values. This results in every QR-Code being generated without an explicit Seed to be identical, which minimizes the Risk of having QR-Codes that do not warn users as expected at the increased risk of profiling of Venues.
As an Application-Developer you are encouraged to ask you user if and when they want their QR-Codes to change and explain to them that they should only rotate their Codes when they are sure that nobody is at the location or in the venue for at least 30 Minutes, to allow airborne particles to settle or get filtered out. Do not make assumptions regarding a good time to rotate QR-Codes (i.e. always at 4:00 am) because they will fail so warn people in some important Situations (nightclubs, hotels, night-shift working) without anyone noticing.
To disable rotation of QR-Codes, specify None as the Seed (Default behaviour).
The Library also gives you a utility to allow rotating QR-Codes at a given time of the day. Please make sure to also integrate some kind of Secret into the seed, to prevent an adversary from calculating future QR-Codes. The Secret must stay constant over time, or the resulting QR-Codes will not correctly trigger warnings.
import io
from datetime import datetime, time
import cwa_qr
# Construct Event-Descriptor
event_description = cwa_qr.CwaEventDescription()
# …
seed_date = cwa_qr.rollover_date(datetime.now(), time(4, 0))
event_description.seed = "Some Secret" + str(seed_date)
this will keep the date-based seed until 4:00 am on the next day and only then roll over to the next day. See test_rollover.py for an in-depth look at the rollover code.
Python 2/3
This library supports Python 3.6+, however there is a backport to Python 2 available at https://github.com/MaZderMind/cwa-qr/tree/py2
110 Dec 07, 2022
20 Dec 09, 2021
1 Nov 11, 2021
985 Jan 08, 2023
1.3k Nov 24, 2022
615 Dec 25, 2022
87 Jan 01, 2023
9 Mar 29, 2022
3.2k Jan 05, 2023
0 Nov 22, 2021
88 Jan 05, 2023
2 Nov 04, 2022
29 Oct 19, 2022
0 Nov 09, 2022
1.4k Dec 29, 2022
94 Nov 22, 2022
4 Nov 11, 2022
163 Dec 26, 2022
249 Dec 07, 2022
8 Oct 11, 2022