Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Secure / Encrypted QR Codes [closed]

Tags:

qr-code

Is there an application where you can generate encrypted QR Codes?

I havent a lot of literature on encrypting QR codes out there. We are looking to implement something that clients can send us encrypted information and we scanning them on our site.

Has any of you been involved in a project such as this?

like image 896
andreas Avatar asked Jun 06 '11 08:06

andreas


People also ask

Can QR code data be encrypted?

It's important to remember that QR Codes do not have to represent a URL. They can be an encrypted lookup code that points an authorised reader to a location from where they can pick up the information that is being shared.

Can a QR code be deactivated?

QR Codes actually cannot be deleted. There's a logical reason for this, and it has to do with your customers' experience. Let's say you have a code printed on a flyer, but now the campaign is over. Logically, you would delete that code in your account because you no longer need it for your campaign.

Can QR codes be locked?

What is a password-protected QR code and how does it work? Password-protected QR codes are QR codes in which the content or information stored in the QR code can only be accessed and viewed after the scanners entered the right password.

Will we eventually run out of QR codes?

The complexity of a QR code also means that there are a practically infinite number of possible permutations — everyone on earth can assign a unique QR code to every photo, link, and product ever created, and we'll never run out.


1 Answers

Other answers suggest you could use the QR code to encode a URL, and then ensure the service at that URL provides the authentication / security you need. If the channel you're using to communicate with your client is digital and internet-connected, maybe that makes sense ... and if it does make sense, you don't need a QR code at all, just send the URL. As Tadmas pointed out, QR is just an encoding.

However, I'll infer from your original question that the channel you're using is analog (paper??), or digital but not internet-connected (digital photos of a paper original or screen shot, or ??). That's not the most usual use case -- not what most of the respondents on this forum would naturally consider -- but I can imagine some realistic use cases e.g. for bills or payment data where that could be happening.

If that's true -- if for some reason you have to transmit the actual data through a non-internet channel, and the actual data has to be wrapped in a QR code format, then there's a different way to do this.

The obvious approach (hi-level) looks like this

message
   --> (compress) --> compressed message 
      --> (encrypt) --> encrypted compressed message
         --> (QR encode) --> QR of encrypted compressed message
            ... send over channel ...
      encrypted compressed message <-- (QR decode) <--
   compressed message <-- (decrypt) <-- 
message <-- (decompress) <--

In which your primary challenge is to choose compression & crypto algorithms that suit your purposes.

Note well, crypto is non-obvious, approach with respect & caution, don't just slam something together ...

Compressing before encrypting is a best practice. It isn't always needed as a separate step, because some crypto algorithms perform compression for you -- for example, PGP compresses data before encrypting. Others don't. If you're not sure or the approach needs to be general (work for different choices of crypto algorithm) you can always compress; it's safe, just sometimes pointless.

Choice of crypto algorithm has many implications (key management etc. -- huge topic). However one of the implications is especially relevant to QR codes -- how much the crypto step bloats your message. QR code blocks have a limited capacity of 2953 bytes of 8-bits each. If the message you're transmitting is close to this limit, you'll want to choose a crypto algorithm that has output size equal to input size (AES is one example). If the message is much smaller than this limit, then you won't care about this (could use the highly-bloating PGP for example).

If you can find compression and encryption algorithms that work for both you & your client (and a safe way to distribute keys and so on), then I don't think it's particularly hard to satisfy your original request. Don't try to encrypt the QR code itself (not sure that terminology actually makes any sense) but instead, compress and encrypt your data, then QR-encode the resulting encrypted data. Nothing to it.

like image 175
Chris Johnson Avatar answered Oct 21 '22 02:10

Chris Johnson