EU Green Passport System Breach … A Large Scale Leak of Private Keys or A Human Trust Breakdown?

Well, it had to happen. Last week it was reported that Adolf Hitler and Mickey Mouse could prove their vaccination status with valid EU Green Pass vaccine passports. Unless the EU Commission finds the root of this compromise, the whole EU Green Pass vaccination identity system could collapse, and our first major attempt at building a more trusted health care world across our borders will fail.

The magic of the private key

To give you an understanding of how these passports are created: each trusted authority in each country will have a set of private and public keys (they should use more than one key pair, in case they have to revoke some of them). A single signing key pair would cause major problems, as a single leak of this key would mean that all of the passports signed within that country would be revoked.

The vaccine status passport is signed with the private key and verified with the associated public key. This digital signature on the passport proves both the integrity of its contents and its validity (the trustworthiness of the passport). When the passport is checked, its signature is checked against a set of trusted public keys. These public keys can be stored centrally by each country, or by the EU Commission. At a border check…
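The sign-and-verify flow described above, as an added example that is not from the original article or from the Green Pass system itself. It assumes Ed25519 signatures (the article does not name the algorithm), and the key IDs `XX-1`/`XX-2`, the JSON payloads and the `Pass`, `TrustList`, `Issue` and `Verify` names are all hypothetical. It shows that a pass signed with a misused key verifies exactly like a genuine one until that key is removed from the trust list, and that revoking one of two keys leaves passes signed by the other intact.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Pass is a constructed, simplified stand-in for a signed vaccine passport.
type Pass struct {
	KeyID        string // which issuer key signed this pass
	Payload, Sig []byte
}

// TrustList is the verifier's set of trusted issuer public keys, by key ID.
type TrustList map[string]ed25519.PublicKey

// Issue signs the payload with one of the issuer's private keys.
func Issue(kid string, priv ed25519.PrivateKey, payload string) Pass {
	return Pass{kid, []byte(payload), ed25519.Sign(priv, []byte(payload))}
}

// Verify accepts a pass only if its key is still trusted and the signature matches.
func (t TrustList) Verify(p Pass) bool {
	pub, trusted := t[p.KeyID]
	return trusted && ed25519.Verify(pub, p.Payload, p.Sig)
}

// Demo returns results for: genuine, rogue, tampered, then rogue and genuine
// again after key XX-1 has been revoked (removed from the trust list).
func Demo() []bool {
	pub1, priv1, err1 := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pub2, priv2, err2 := ed25519.GenerateKey(nil)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	trust := TrustList{"XX-1": pub1, "XX-2": pub2} // constructed key IDs
	genuine := Issue("XX-2", priv2, `{"name":"Alice Example"}`)
	rogue := Issue("XX-1", priv1, `{"name":"Mickey Mouse"}`) // misused key, valid signature
	tampered := genuine
	tampered.Payload = []byte(`{"name":"Bob Example"}`) // edited after signing
	r := []bool{trust.Verify(genuine), trust.Verify(rogue), trust.Verify(tampered)}
	delete(trust, "XX-1") // revoking one key leaves passes signed by XX-2 intact
	return append(r, trust.Verify(rogue), trust.Verify(genuine))
}

func main() {
	fmt.Println(Demo())
}
```

The signature only shows that a trusted key signed these exact bytes; it says nothing about whether the person operating that key entered truthful data, which is why revocation is the verifier's remedy.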

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.