Skip to content

maslick/kameroon

Repository files navigation

🇨🇲 Kameroon 🇨🇲

QR/bar code scanner as a Service

Build Status

💡 Demo

  • Simplicity: No need for complex libraries. Just redirect users to Kameroon
  • On-Device Scanning: Scanning happens securely on your users' devices
  • Data Encryption: Results never leave users' devices unencrypted. RSA-OAEP encryption is used with the public_key you provide
  • Secure Retrieval: Encrypted data is sent back to your web app via the specified redirect_url
  • Client-Side Decoding: Ciphertext is decoded using your private_key, which stays safely on your users' devices
  • Key Rotation: Customize key rotation periods for enhanced security

🚀 Features

Supported formats

  • Linear product: UPC-A, UPC-E, EAN-8, EAN-13, ISBN
  • Linear industrial: CODE-39, CODE-93, CODE-128, CODABAR, DATABAR, ITF-14, I25
  • Matrix: QR code, Micro QR Code, Aztec, DataMatrix, PDF417

Security

  • In addition to using HTTPS, the resulting QR codes are further encrypted using asymmetric RSA-OAEP encryption to mitigate the risks associated with URL-based data transmission, including:
    • potential visibility in server logs and browser history
    • caching (some proxies and browsers might cache URLs, making your sensitive data accessible to others)
    • analytics tracking (if you're using analytics tools, they might capture query params, potentially exposing data you'd rather keep private)
    • server log exposure (server logs can sometimes include full URLs)
  • Kameroon does not store your users' QR codes or encryption keys
  • Encryption keys are rotated with customizable rotation periods (defaults to 1h) to align with user security policies

Developer support

🔭 References

🙏 Credits

We appreciate the open-source community for their contributions. Kameroon uses: