Secrets and Identifiers¶
System-wide List of Secrets¶
- daily keypair
The keypair’s public key is signed using the HDSKP and stored on the Luca Server. Its private key is encrypted for each registered Health Department’s HDEKP. The encrypted private keys are stored on the Luca Server.
The daily keypair’s life cycle and usage is detailed in the chapter Daily Keypair Rotation.
- badge keypair
The keypair that encrypts contact data references for static Badges. The public key is used exclusively by a Trusted 3rd Party during the generation of static Badges. Its private key is owned by the Health Department and is used to decrypt Check-Ins created using a static Badge.
- badge attestation keypair
This keypair signs static Badges during their generation. Its private key is kept in the Luca Server and is used via an authenticated API endpoint by the Badge Generator. The Scanner Frontend uses the public key to verify that a presented Badge is valid and registered with the Luca Server.
- data secret
A secret cryptographic seed which is used to derive both the data encryption key and the data authentication key. This seed is encrypted twice before being sent to the Luca Server during Check-In and ultimately protects the Guest’s Contact Data. It is stored locally in the Guest App.
- data encryption key
- data authentication key
A symmetric key derived from the data secret during Guest Registration. It is used to authenticate the Guest’s Contact Data and Check-Ins. The data authentication key is stored encrypted on the Luca Server as a part of the encrypted guest data.
- guest keypair
An asymmetric keypair created during the Guest Registration.
The “Health Department Encryption Keypair” is used to encrypt the daily keypair’s private key. Each Health Department has their own HDEKP.
The public of this keypair is signed using the HDSKP and stored on the Luca Server. The private key is stored locally at the Health Department.
The “Health Department Signing Keypair” is used to authenticate the HDEKP. Each Health Department has their own HDSKP.
- Health Department Certificate
This certificate is created in a manual process by the Luca Service Operator and signed by an external, trusted Certificate Authority.
- tracing secret
A randomly generated seed used to derive trace IDs when checking in using the Guest App. It is stored locally on the Guest App until it is shared with the Health Department during contact tracing. Moreover, the tracing secret is rotated on a regular basis in order to limit the number of trace IDs that can be reconstruced when the secret is shared.
- tracing TAN
The tracing TAN (Transaction Authentication Number) is a human readable code that is used during the process of Contact Tracing. By requesting a TAN from the Luca Server and communicating it to the Health Department an Infected Guest grants the Health Department access to their Contact Data.
- venue keypair
An asymmetric keypair generated locally in the Venue Owner Frontend upon Venue Registration. The keypair’s public key is used by the Scanner Frontend to add the outer layer of encryption to the contact data reference (which is already encrypted for the daily keypair) during Guest Check-In. Its private key is stored locally.
- verification TAN
The verification TAN (Transaction Authentication Number) is a human readable code that is used to verify the Guest’s phone number during Guest Registration.
- badge serial number
The 12-digit serial number that is printed on the flip-side of each Badge. A 56-bit random number that acts as a seed to derive all secrets associated with the Badge and encoded into the Badge’s QR code.
- user ID
- trace ID
An opaque identifier derived from a Guest’s user ID and tracing secret during Guest Check-In. It is used to identify Check-Ins by an Infected Guest after that Guest shared their tracing secret with the Health Department.
- venue ID
- scanner ID
- daily keypair ID
An identifier for the daily keypair.
- verification tag
A tag used to verify the authenticity of the contact data reference.
- encrypted guest data
This object contains the Contact Data and data authentication key. It is encrypted with the data encryption key, signed with the guest keypair and uploaded to the Luca Server during Guest Registration.
- guest data transfer object
This object contains an Infected Guest’s tracing secrets, user ID and data secret. During Tracing the Check-In History of an Infected Guest the Guest App encrypts the guest data transfer object for the daily keypair and shares it (via the Luca Server) with the Health Department.
- contact data reference
The contact data reference combines the user ID, the data secret and a verification tag. Encrypted with both the daily keypair and the venue keypair it is included in each Check-In during Guest Check-In.