Qraft

Digital Signature

A digital signature uses public-key cryptography to mathematically prove who created data (authentication) and that it has not been tampered with (integrity). The signer computes the signature over a hash of the data with their private key; the verifier checks it with the corresponding public key.

Combining QR codes with digital signatures addresses counterfeiting. Standard QR codes can be generated by anyone, making phishing QR codes easy to create. Embedding a digital signature in the QR data allows scanning apps to verify whether the code was issued by a legitimate authority.
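The check a scanning app performs can be sketched as follows. This is an added example, not code from any standard or product named on this page. It assumes a hypothetical QR text format "kid.payload.signature", Ed25519 as the signature scheme, and a constructed key ID "issuer-1" with fixed demo seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// Sign builds the QR text "kid.payload.signature"; the key ID is signed too.
func Sign(kid string, priv ed25519.PrivateKey, payload []byte) string {
	signed := kid + "." + b64.EncodeToString(payload)
	return signed + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(signed)))
}

// Verify returns the payload only if a trusted issuer key signed it.
func Verify(qr string, trusted map[string]ed25519.PublicKey) ([]byte, error) {
	parts := strings.Split(qr, ".")
	pub, ok := trusted[parts[0]]
	if len(parts) != 3 || !ok {
		return nil, fmt.Errorf("malformed text or unknown issuer key")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, fmt.Errorf("bad signature")
	}
	return b64.DecodeString(parts[1])
}

// demoKey derives a fixed key from a constructed seed; real issuers use random keys.
func demoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// demoTrust is the scanning app's list of trusted issuer public keys (constructed).
func demoTrust() map[string]ed25519.PublicKey {
	return map[string]ed25519.PublicKey{"issuer-1": demoKey(1).Public().(ed25519.PublicKey)}
}

func main() {
	forged := Sign("issuer-1", demoKey(2), []byte("ticket A-17")) // signed with a non-issuer key
	for _, qr := range []string{Sign("issuer-1", demoKey(1), []byte("ticket A-17")), forged} {
		payload, err := Verify(qr, demoTrust())
		fmt.Printf("payload=%q err=%v\n", payload, err)
	}
}
```

The app accepts a code only when the key ID is on its trust list and the signature matches the exact bytes in the code, so a QR code generated by anyone else fails the check even if its visible content is copied.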

The EU Digital COVID Certificate (EU DCC) demonstrated this at scale. Health authorities signed vaccination data with private keys and encoded it in QR codes. Verification apps checked signatures against public keys, making forgery of even paper-printed QR codes extremely difficult.

Standardization efforts in GS1 Digital Link and ICAO e-passports are extending signed QR codes to tickets, certificates, and product authentication.