Daily Keypair Rotation

As Health Departments are federated in Germany, they need to share a common keypair (namely the daily keypair). This keypair is generated and distributed among all Health Departments on a daily basis. For the distribution, we use the HDEKPs (that are uniquely owned by each health department) to encrypt the daily keypair’s private key for each Health Department. These encrypted private key objects are then uploaded to luca.

Overview

Assets

  • None

Preconditions

Postconditions

Secrets

The following secrets are involved in this process:

| Secret | Use / Purpose | Location |
|---|---|---|
| daily keypair | Guest Apps use the daily keypair's public key to encrypt their contact data reference for every Check-In. The daily keypair is rotated frequently to minimize potential misuse. | The private key is accessible to all Health Departments. |
| HDSKP | New daily keypair public keys are signed by the Health Department's private key so that Guest Apps can validate the public key's authenticity. | Every Health Department maintains its own HDSKP locally. Public keys are distributed via the Luca Server [1]. |
| HDEKP | New daily keypair private keys are encrypted for each Health Department via their associated HDEKP. | Every Health Department maintains its own HDEKP locally. Public keys are distributed via the Luca Server [1]. |

Daily Public Key Rotation

For every Check-In the Guest App encrypts a contact data reference with the daily keypair's public key. To mitigate the impact of any single compromised key, luca rotates the daily keypair frequently.

The rotation is performed by whichever Health Department logs in first after the current daily keypair has expired. The new private key is encrypted separately for every participating Health Department under that department's HDEKP (Health Department Encryption Key Pair) and shared via the Luca Server. The public key (together with its creation date) is signed with the rotating department's HDSKP (Health Department Signing Key Pair) and distributed to all Guest Apps via the Luca Server. This effectively replaces the old daily keypair. All described cryptographic actions are performed in the Health Department Frontend; the Luca Server never learns the daily keypair's private key in plaintext form.

Measures are taken to resolve race conditions that arise if multiple Health Departments try to perform the key rotation simultaneously. Eventually, all Health Departments share the knowledge of the new daily keypair and are ready to decipher Contact Data of Check-Ins performed on that day.

Rotation Process

[Figure: rotation process diagram (daily_key_rotation_2_0.svg)]

Key Destruction

Private keys of daily keypairs that are older than the epidemiologically relevant time span (specifically, four weeks) can be destroyed. The Luca Server removes all such encrypted private keys for all Health Departments. Furthermore, the Health Department Frontend removes all locally stored copies of such private keys.

Security Considerations

Authenticity of HDSKP and HDEKP

Each Health Department owns a pair of keypairs, namely HDSKP and HDEKP. Those keypairs are used to authenticate and distribute newly generated daily keypairs. Both HDSKP and HDEKP are generated in the Health Department Frontend during the registration process and remain known exclusively to the respective Health Department. In a future version of luca, we plan to certify the public keys of HDSKP and HDEKP by an independent trusted certificate authority to further strengthen their authenticity guarantees.

[1] Currently, the Health Departments provide verbatim public keys as HDSKP/HDEKP only. A future version of luca will also provide means to verify the authenticity of those public keys against a trusted third party.