A government that can balance what to do internally and can carefully choose their contractors, all the while pushing towards openness, is a dream come true.
Sadly not the rule at the moment in Switzerland. Lots of mistakes have been made but there is a strong push towards this kind of work. E-Voting and E-Id was a disaster and we hope it gets pushed into this kind of openness and focus on privacy for all future government software.
E-voting was a poorly implemented transparency process to check a not totally terrible (and also, not correct) implementation of a pretty good design. Lessons were learned on the transparency side, and they are on HackerOne now, doing things approximately right. Security is hard and they will probably fail again, but they are failing according to industry standards now, at least. (I was a reviewer of the original system.)
e-ID was rejected by the voters as a gift of a service that should have been in government control to private industry for them to make profit on it. There was nothing technically terrible about the design for outsourcing eIDs to private industry, it was just a concept the voters found unacceptable. (I voted no along with a majority of my fellow citizens.)
It didn't really help that one of the prime candidate company to issue the eId couldn't get even basics, like cert management, straight.
I'm quite thankful for Die Republik (slightly leftist daily internet "paper", which is ad free and subscription only) because I think they were quite instrumental in uncovering some of the shenanigans being pulled by those companies.
One thing about e-voting that is often missing in the discussion. No matter how you do it, the most important goal of any voting system is surprisingly not to get a result — the most important goal is to get a result everybody can agree on.
This is the fundamental flaw of any e-voting system. Even if you manage to get it secure, how do you transparently proof this to everyone, including those who can't grok cryptography. What about those who don't care and just want to call the election stolen?
It is hard enough to convince them with paper ballots, but these are at least physical and they cannot come out of nowhere.
In my experience government either choses cheapest contractor (will all sort of consequences you can imagine) or bribes are involved (which might lead to a better outcome, surprisingly, but at much higher expenses). I wonder how Switzerland manages to avoid that plague.
I think that I once heard that in Switzerland the second cheapest bidder is the one to get the contract, exactly to discourage someone aggressively underbidding all others. I could not verify that now though.
How does the scanner app verify the signature? Does it always have to be online, or does it have a set of trusted public keys included?
How are the codes generated to begin with? Is there some central database that hands them out, or can any clinic generate one (having access to a copy of the private key?)
Infrastructure for code generation and signing is probably country-specific, though I imagine most countries will establish centralized systems dealing with this and integrate with other systems that track vaccination or test records on various levels (some countries delegate vaccination efforts to their states, others handle it nationally, etc.)
Edit: I am able to scan the code in the OPs link with the Swiss App and I can import it however the certificate seems to be currently not accepted.
https://github.com/admin-ch/CovidCertificate-App-Android