Secrets and Identifiers¶
System-wide List of Secrets¶
- badge attestation keypair¶
This keypair signs static Badges during their generation. Its private key is kept in the Luca Server and is used via an authenticated API endpoint by the Badge Generator. The Scanner Frontend uses the public key to verify that a presented Badge is valid and registered with the Luca Server.
- data secret¶
A secret cryptographic seed which is used to derive both the data encryption key and the data authentication key. This seed is encrypted twice before being sent to the Luca Server during Check-In and ultimately protects the Guest’s Contact Data. It is stored locally in the Guest App.
- data encryption key¶
- data authentication key¶
A symmetric key derived from the data secret during Guest Registration. It is used to authenticate the Guest’s Contact Data and Check-Ins. The data authentication key is stored encrypted on the Luca Server as a part of the encrypted guest data.
- guest keypair¶
An asymmetric keypair created during the Guest Registration.
- tracing secret¶
A randomly generated seed used to derive trace IDs when checking in using the Guest App. It is stored locally on the Guest App until it is shared with the Health Department during contact tracing. Moreover, the tracing secret is rotated on a regular basis in order to limit the number of trace IDs that can be reconstruced when the secret is shared.
- tracing TAN¶
The tracing TAN (Transaction Authentication Number) is a human readable code that is used during the process of Contact Tracing. By requesting a TAN from the Luca Server and communicating it to the Health Department an Infected Guest grants the Health Department access to their Contact Data.
- venue keypair¶
An asymmetric keypair generated locally in the Venue Owner Frontend upon Venue Registration. The keypair’s public key is used by the Scanner Frontend to add the outer layer of encryption to the contact data reference (which is already encrypted for the daily keypair) during Guest Check-In. Its private key is stored locally.
- verification TAN¶
The verification TAN (Transaction Authentication Number) is a human readable code that is used to verify the Guest’s phone number during Guest Registration.
- badge serial number¶
The 12-digit serial number that is printed on the flip-side of each Badge. A 56-bit random number that acts as a seed to derive all secrets associated with the Badge and encoded into the Badge’s QR code.
- user ID¶
- trace ID¶
An opaque identifier derived from a Guest’s user ID and tracing secret during Guest Check-In. It is used to identify Check-Ins by an Infected Guest after that Guest shared their tracing secret with the Health Department.
- venue ID¶
- scanner ID¶
- daily keypair ID¶
An identifier for the daily keypair.
- verification tag¶
A tag used to verify the authenticity of the contact data reference.
- encrypted guest data¶
This object contains the Contact Data and data authentication key. It is encrypted with the data encryption key, signed with the guest keypair and uploaded to the Luca Server during Guest Registration.
- guest data transfer object¶
This object contains an Infected Guest’s tracing secrets, user ID and data secret. During Tracing the Check-In History of an Infected Guest the Guest App encrypts the guest data transfer object for the daily keypair and shares it (via the Luca Server) with the Health Department.
- contact data reference¶
The contact data reference combines the user ID, the data secret and a verification tag. Encrypted with both the daily keypair and the venue keypair it is included in each Check-In during Guest Check-In.