Android Question How to read Encrypted Data from QRCODE

junaidahmed

Well-Known Member
Licensed User
I have used ZXING QRCODE BARCODE library in my application.It works fine as per my requirement.I have some of the qrbarcode (AADHAR CARD)which returns only encrypted data.So I can not read this data in ZXING QRCODE BARCODE library.I have an below link for Android apps which reads the encrypted data when I scan QRCODE.Please advise how to read this data in B4A applications...

https://uidai.gov.in/ecosystem/authentication-devices-documents/qr-code-reader.html#
 

techknight

Well-Known Member
Licensed User
Without the algorithm and the encryption keys, you cant do anything. According to the link, you have to use their proprietary software which decrypts the information contained in the QR code, or a file, etc.

So unless they offer some sort of API you can use, whether it be an online-based REST API, etc. your kinda stuck otherwise.
 

agraham

Expert
Licensed User
This seemed interesting so I had a look at it and found this description of how to decode it

https://uidai.gov.in/images/resource/User_manulal_QR_Code_15032019.pdf

The data from the bar code is not in fact encrypted as far as I can tell but is binary data signed by a public key to verify that the data is genuinely sourced from the Indian Government. The document at the link above tells you how to decode it, though what the first three steps of validation mean are not clear to me.
 

techknight

Well-Known Member
Licensed User
Ah, well at least they published the specs. Although there is a ton of personally identifiable information in that QR code that wouldnt be a good idea if it did get out, so eh... Anyways.
 

techknight

Well-Known Member
Licensed User
This seemed interesting so I had a look at it and found this description of how to decode it

https://uidai.gov.in/images/resource/User_manulal_QR_Code_15032019.pdf

The data from the bar code is not in fact encrypted as far as I can tell but is binary data signed by a public key to verify that the data is genuinely sourced from the Indian Government. The document at the link above tells you how to decode it, though what the first three steps of validation mean are not clear to me.
Sounds like ints to bytes. But then its also compressed (so it says). Doesn't say what compression algo, maybe RLE? only can guess there.

Edit: I got it. Seems as the QR data is one big number. Hence why they show it as Big Integer. So it has to be written/loaded in a Big Integer type, and then converted into a byte array from that. So I "assume" that means take that big a** number, chop it up into 8 bit chunks which becomes your byte array?
 
Last edited:

agraham

Expert
Licensed User
Here is another link for scanning QR Code for Aadhar Card
I'm beginning to think that you don't have sufficient understanding of the Aadhar Card system to do what you want. This link above is to a very simple app to read the original Aadhar card QR Code which seems to contain the data as clear text in an XML format. You seem to want to decode the later, more secure from fraud, digitally signed QR Code which needs more processing which that app cannot do.


Although there is a ton of personally identifiable information in that QR code that wouldnt be a good idea if it did get out
Actually I think they have thought of that. Basically the only available information in the code is name, date of birth and address. Note that the email address and mobile number are not actually stored in the code, only secure hashes for them are. Part of the identity confirmation is to for the card/letter bearer to give those to the validator which then confirms that they match the stored hash. The photo saved in the code can also be compared to the card/letter bearer by the validator and it is all signed to validate that the data has not been tampered with.
 

techknight

Well-Known Member
Licensed User
Yea, Makes sense I guess. Definitely better than the simple social security numbers we use here, that get breached all the time. Antiquated system.
 
Top