PHP BärCODE library

v0.1.1 2021-05-21 16:37 UTC


This is a PHP library that generates a BärCODE as specified by PoNCI-Berlin.


Via Composer

NOTE: This package has not been published yet, so it has to be manually installed instead.

$ composer require ponci_berlin/phpbaercode


use ponci_berlin\phpbaercode\BaerCode;

$procedure = new Procedure(
    DateTime::createFromFormat(DateTimeInterface::RFC3339, "2021-05-01T08:00:00Z"),
$procedures = array($procedure);

$fist_name = "Max";
$last_name = "Mustermann";
$date_of_birth = DateTime::createFromFormat(DateTimeInterface::RFC3339, "1990-04-01T00:00:00Z");
$operator = "PoNC GmbH";
$kid = "<id_of_key_goes_here";

// $result is false for a negative test, and true for a positive vaccination.
$result = false

// privateKey is an instance of php3seclib\Crypt\EC\PrivateKey.
$baercode = new BaerCode(

// Get the raw base64 BärCODE.
$baercode_b64 = $baercode->generate();

// Get the code encoded into a QR code. (This will return a binary string of the image)
$baercode_qr = $baercode->generate_qr();


Right now there are only integration tests that run against our Go reference implementation, so running tests won't do much. The SCRATCH_DIR environment variable must be set:

$ SCRATCH_DIR=/tmp ./vendor/bin/phpunit

The files generated by the integration tests will be created in SCRATCH_DIR.

Requirements for integrators

There is a set of requirements for integrators that need to be in place to ensure there will be no problems for the people receiving BärCODEs:

  • A new key is submitted every 24 hours
  • Keys must be stored securely
  • Keys submitted must be stored for seven days and then be deleted
  • Errors during key rotation is logged
  • Monitoring of key rotation is in place
  • BärCODE presentation to the end user includes text saying "scan me here" (or similar in local language) and a link to https://scan.baercode.de
  • Integrator has separated development and production environments


Please see CONTRIBUTING and CODE_OF_CONDUCT for details.


If you discover any security related issues, please email daniel@ams-sec.org instead of using the issue tracker.