- TLS Server Certificate¶
This is the Luca Server’s TLS server certificate that is issued by D-Trust for the *.luca-app.de domain.
- Health Department Certificate¶
This certificate is created and maintained by an external, trusted Certificate Authority.
Each Health Department has their own HDSKP which is signed using the respective Health Department Certificate.
- daily keypair¶
The keypair’s public key is signed using the HDSKP and stored on the Luca Server. Its private key is encrypted for each registered Health Department’s HDEKP. The encrypted private keys are stored on the Luca Server.
The daily keypair’s life cycle and usage is detailed in the chapter Daily Keypair Rotation.
- badge keypair¶
The keypair that encrypts contact data references for static Badges. It is technically equivalent to the daily keypair but is used exclusively by a Trusted 3rd Party during the generation of static Badges.
Its private key is owned by the Health Department and is used to decrypt Check-Ins created using a static Badge. The badge keypair can be issued by any Health Department and is signed by the respective Health Department’s HDSKP.