Health Department Registration
luca helps Health Departments to trace contact persons and identify infection clusters. In order to participate in the system Health Departments need to be registered and onboarded first.
the Health Department is not onboarded
an admin user for the Health Department has been registered
relevant daily keypairs have been re-encrypted by an existing Health Department
The following secrets are involved in this process:
Use / Purpose
Encrypt/decrypt the daily keypair.
Acquisition of a Health Department Certificate
Health Departments require the Health Department Certificate for two purposes:
The certificate is issued by a Trusted 3rd Party; in this case the Bundesdruckerei. It is the responsibility of the Trusted 3rd Party to issue Health Department Certificates only to legitimate and eligible Health Departments and to ensure that an effective validation of legitimacy is in place. Luca is not involved in the issuing of the Health Department Certificate.
Registration of the Health Department
In order to be onboarded to luca the Health Department contacts the Luca Service Operator. The Luca Service Operator helps to provide the Health Department Information to the Luca Server and to set up an admin user account for one of the Health Department’s employees. The admin user can now access the Health Department Frontend using the Health Department Certificate (TLS client authentication) and the credentials for their user account.
Generation and Signing of Health Department Key Pairs
When the admin user logs into the Health Department Frontend for the first time, the Health Department Frontend automatically generates two keypairs [1]: the HDEKP (Health Department Encryption Key Pair) and the HDSKP (Health Department Signing Key Pair). These keypairs are used to secure various communications in luca, most notably the Daily Key Rotation Process.
After keypair generation, the administrator is requested to download the Health Department Certificate Signing Tool, a small desktop application used to sign the public keys of HDSKP and HDEKP using the Health Department Certificate. The Health Department Certificate Signing Tool guides the admin user through the signing process, asks for their consent to associate the freshly generated public keys with the identity of the Health Department, and signs them with the Health Department Certificate’s private key.
Once successfully signed, HDSKP and HDEKP are effectively certificates allowing the Health Department to securely communicate within the luca system. All above-mentioned private keys remain local and never leave the Health Department’s IT infrastructure.
Signing of existing Health Department Keypairs
Before the end of July 2021 the above-described HDSKP/HDEKP signing process was not implemented. Since then, Health Department administrators of existing Health Departments are requested to retroactively sign their Health Department keypairs as described above. Once all Health Departments have signed their key pairs, all relevant clients will start verifying the full certificate chain to the trust anchor of the Trusted 3rd Party where necessary.
Re-Encryption of the Daily Keypair
In the final step of the onboarding process all recent (epidemiologically relevant) daily keypairs need to be re-encrypted for the new Health Department. This is necessary in order for the new Health Department to be able to decrypt existing daily keypairs with its HDEKP. The re-encryption process is triggered automatically and carried out by any other Health Department that is currently logged in to the Health Department Frontend as follows:
fetch and verify all Health Departments’ HDEKP certificates (including the new Health Department’s recently created key)
download all relevant daily keypairs
decrypt them using its own HDEKP’s private key
encrypt them for all other Health Departments’ HDEKPs
upload them back to the Luca Server
This process is very similar to the rotation of the daily keypair. Please refer to that chapter for further details.
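The five steps above, sketched as an added Node.js example (not luca's own code). The page does not specify the encryption scheme, so the wrapping construction (ephemeral ECDH on P-256, HKDF-SHA256, AES-256-GCM), the helper names, and the single constructed ECDSA issuer key that stands in for full certificate-chain verification are all assumptions; upload and download are omitted.

```javascript
// Added example, not luca code. Assumptions: the wrapping scheme (ephemeral ECDH,
// HKDF-SHA256, AES-256-GCM) and one ECDSA issuer key standing in for the chain check.
const { generateKeyPairSync, diffieHellman, hkdfSync, createCipheriv,
  createDecipheriv, randomBytes, sign, verify } = require('node:crypto');

const p256 = () => generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const spki = (key) => key.export({ type: 'spki', format: 'der' });
const deriveKey = (privateKey, publicKey) => Buffer.from(hkdfSync('sha256',
  diffieHellman({ privateKey, publicKey }), Buffer.alloc(0), 'daily-key-wrap', 32));

// Encrypt `secret` so only the holder of recipientPub's private key can read it.
function wrap(secret, recipientPub) {
  const eph = p256();
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPub), iv);
  const ct = Buffer.concat([c.update(secret), c.final()]);
  return { ephPub: eph.publicKey, iv, ct, tag: c.getAuthTag() };
}

function unwrap(box, recipientPriv) {
  const d = createDecipheriv('aes-256-gcm', deriveKey(recipientPriv, box.ephPub), box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Verify each HDEKP, decrypt once with our own key, encrypt per verified department.
function reEncrypt(box, ownPriv, others, issuerPub) {
  const secret = unwrap(box, ownPriv);
  const out = {};
  for (const hd of others) {
    const ok = verify('sha256', spki(hd.hdekpPub), issuerPub, hd.signature);
    if (ok) out[hd.name] = wrap(secret, hd.hdekpPub); // unverified keys get no copy
  }
  return out;
}

function demo() { // all keys below are constructed sample values
  const issuer = p256(), rogue = p256();
  const mk = (name, signer) => {
    const kp = p256();
    return { name, priv: kp.privateKey, hdekpPub: kp.publicKey,
      signature: sign('sha256', spki(kp.publicKey), signer.privateKey) };
  };
  const a = mk('HD-A', issuer), b = mk('HD-B', issuer);
  const fresh = mk('HD-New', issuer), bad = mk('HD-X', rogue);
  const daily = randomBytes(32); // stand-in for a daily private key
  const out = reEncrypt(wrap(daily, a.hdekpPub), a.priv, [b, fresh, bad], issuer.publicKey);
  return { names: Object.keys(out).join(','), ok: unwrap(out['HD-New'], fresh.priv).equals(daily) };
}
```

In `demo()`, the department whose key was signed by the wrong issuer receives no wrapped copy, while the newly onboarded department can recover the daily key with its own private key.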
Adding Further (Non-Admin) Employees
The admin user can create further user accounts that do not have administrative access in the Health Department Frontend. Like the admin user, those users can authenticate to the Health Department Frontend using their individual credentials and the Health Department Certificate and use it for contact tracing.
[1] Both HDSKP and HDEKP are ECC key pairs on NIST’s P-256 curve.