Public security test «COVID-19 certificate system»

With the shutdown of the SwissCovid App at the end of August 2023, the security test for the Swiss Covid Certificate also ended.

01.07.2021 - The Covid certificate has been rolled out in the cantons and is in use. However, the Public Security Test (PST) continues and test results can still be reported to the NCSC.

31.05.2021 - Intensive work is currently underway for the Covid certificate, which will be gradually introduced in the cantons from 7 June. Accompanied by the National Cyber Security Centre (NCSC), various security analyses are being carried out to obtain an appropriate level of security. Due to the tight schedule, random examinations have been carried out so far by the National Test Institute for Cyber Security (NTC). In order to further support the previous findings, the system will now be subjected to an endurance test by other experts and interested persons within the framework of a public security test. Therefore, the source code of the Covid certificate is now publicly available (https://github.com/admin-ch/CovidCertificate-Documents). The security vulnerabilities identified in the course of these tests will be recorded and will flow into the development on an ongoing basis. The findings from the tests carried out so far will be published in the next few days.

The aim of the Public Security Test (PST) is to test the security of the Covid Certificate and to build trust before the public rollout. The public security test will start on 31 May 2021. The Confederation wants to make the functioning and security of the COVID-19 certificate system as transparent as possible. For this reason, all components are open source and a public security test will be carried out.

The public security test will be carried out by the National Cyber Security Centre (NCSC) and aims to provide full transparency. Test results are to be reported via the NCSC website, where there is a form for entering detailed information. The NCSC will receive these reports, evaluate their contents, prioritise them according to their criticality and, if necessary, arranges remedies. Existing feedback is publicly available on the NCSC website and is updated regularly.