Verification of Health Department Keypair Certificates¶
Certificate Chain and Trust Anchor¶
Health Department Certificate Chain¶
The Health Department Certificate Chain is implemented as an ordinary X.509 certificate chain managed by a Trusted 3rd Party. The CA certificates contain 2048bit RSA public keys, the Health Department-specific certificates provides a 4096bit RSA public key. Furthermore, the Health Department-specific certificate claims “LUCA” as “Organizational Unit” in their distinguished name along with the specific health department’s identification as a FHIR code 1.
Health Department Key Pairs (HDSKP/HDEKP)¶
The luca-specific Health Department key pairs (a.k.a HDSKP and HDEKP) are signed by the respective Health Department Certificate and are implemented as Json Web Tokens. Along with an EC P-256 public key they contain meta data about the owning Health Department, namely:
UUID of the Health Department in the luca system
SHA-1 of the issuing Health Department Certificate
Common name of the Health Department
Type of key (either HDSKP or HDEKP)
Trust Boundaries and Assumptions¶
Trusted 3rd Party¶
The entire Health Department Certificate chain is provided by a Trusted 3rd Party (namely: D-Trust which is a subsidiary of the Bundesdruckerei) and not under the control of the Luca Service Operator. Therefore, the entire luca system (and its users) must rely on the integrity of the Trusted 3rd Party. Luca particularly relies on the Trusted 3rd Party to not issue valid Health Department Certificates to unauthorized individuals and to provide an effective way to revoke certificates if necessary. The root certificate “D-TRUST Limited Basic Root CA 1 2019” is the trust anchor for the application-specific trust chains in luca.
Health Department Administrator¶
Furthermore, luca relies on the integrity of the individual Health Department administrators. In particular that they issue a certified HDSKP and HDEKP for their Health Department using their Health Department Certificate’s private key. During registration, the Luca Server verifies the that the administrator issues the HDSKP/HDEKP for the Health Department that they presented a valid Health Department Certificate for. If necessary, the Trusted 3rd Party can revoke specific Health Department Certificates invalidating administrator-issued HDSKP/HDEKP.
All components in luca trust the authenticity and integrity of public key material and meta information contained in a successfully verified HDSKP or HDEKP. This allows all actors in the system to securely communicate with Health Departments. Given the defined trust assumptions above, the authenticity of HDSKP and HDEKP is not dependent on the integrity of the Luca Server.
Verification of Health Department Certificate Chain¶
The Luca Server provides the necessary certificates for the full certificate chain validation (namely specific Health Department Certificates, intermediate CA certificate along with recent OCSP responses). User facing applications (e.g. Guest Apps, Health Department Frontend, Venue Owner Frontend) are shipped with the trust anchor mentioned above (hard-coded). With this information, an ordinary X.509 certificate chain validation is performed using standard implementations depending on the specific platform.
In particular but not limited to, the following checks are performed:
Validity time interval (against the local time)
Issuer DN and signature
Issuer key usages and CA status
For Intermediate CA and Leaf Certificates
Revocation status (based on OCSP stapling)
Creation time stamp is recent enough
Signature chain is rooted in the trust anchor
Respective certificate serial number is marked as “good” (i.e. not “revoked”)
For Leaf certificates (Health Department Certificates)
OU is “LUCA”
CN is “<FHIR-code>.luca”
Key Usage contains “Digital Signature”
If all verification checks are successful the Health Department Certificate is considered trustworthy. Hence, the luca application will assume that the certificate is indeed owned by a legitimate Health Department.
Verification of HDSKP/HDEKP¶
Both Health Department key pairs (HDSKP, HDEKP) were signed by the Health Department Certificate during the registration of the Health Department. Hence, luca client applications consider HDSKP/HDEKP JWTs valid if their signature matches a Health Department Certificate that was successfully verified with the process described above.
As a result, the application considers application-specific messages and assets signed by the HDSKP authentic and originating from the associated legitimate Health Department (e.g. see Daily Keypair Rotation). Similarly, the application will consider the public key contained in HDEKP authentic and use it for encrypting messages addressed to the mentioned Health Department.
Note that luca currently does not implement a revocation mechanism for HDSKP/HDEKP certificates. If one of these keys is compromised, the Health Department Certificate will need to be revoked via the Trusted 3rd Party.
FHIR - Fast Healthcare Interoperability Resources