Verx.codes uses an Eliptic Curve Digital Signature Algorithm (ECDSA) to assist in assuring that items sent to you truly come from whom they say they come. Verx Codes are QR codes which are crytpographically signed with the public key of a maker (a company, artist, manufacturer, etc.). Below is an illustritive example of the information which is displayed when you successfully scan a Verx code:
| Issuer's Public Key URL: | https://ourmakersite.org/ourpublickey.key |
| Expiration: | 10-Feb-2019 |
| Product Code: | PBR-34235i |
| Batch: | 3124 |
| Serial Number: | BR23423412345E4 |
| UUID: | 8e9bc225-c34a-4e33-bbb9-3a44e2e73e4a |
| Other Info: | Info: https://ourmakersite.org/moreinfo.html |
The entries: Expiration; Product Code; Batch; Serial Number; and Other Info, are filled at the maker's discretion. The entry names are suggestions only, but are also meant to enable product tracking, recalls, and meet regulatory requirements.
The entry, Issuer's Public Key URL, is a URL to a publicly available text file containing the maker's public key. This public key is used to verify the cryptographic integrity of the QR code signed with the maker's secret key.
The entry, UUID, is a Universally Unique Identifier, which should be set uniquely at the time of the QR codes creation. Each QR code should have it's own UUID.
Upon successfully scanning a Verx QR code, Verx.codes will signal the maker's website with the UUID of the QR code scanned, and, if you allow it, you, the user's, physical location. This allows the maker to possibly track the use of their product and warn you if there might be a possible forgery. Additionally, the maker can forward to you, the user, a supplemental URL link in order to provide additional information on the product or the particular UUID scanned.
A forger could copy an individual QR code in it's entirety, but should not be able modify it in any way such that it would still be validated by the true maker's public key. Supplying the UUID back to the maker allows them to count how many times that particular UUID has been scanned and potentially alert you to cases where the QR code has been used excessively indicating a potentially copied QR code.
Verx.codes is open source software. For more information or to get involved, see:
Our GitHub Site