Public Keys Management

As mentioned in the Verifying QRs section, public key verification is just one of several steps in verifying the integrity and validity of QRs.

Public keys are used for integrity validation of issued Greenpass certificates.

Backend support

EU countries provide 2 kinds of APIs for this:

  • one that returns base64-encoded certificates per KID (key identifier),
  • and a second that returns a list of valid KIDs - simply, if a certificate with the given KID is not in this

These 2 APIs are usually documented with OpenAPI. Therefore, the raw Swagger definition is also included in the mobile app sources.

However, as the size of the data for managing these keys is small, we decided to store these data in 2 JSONs hosted in AWS S3.
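How the two data sets can be combined into a local trust store, as an added example that is not code from the app: the JSON layout (a KID-to-base64 map plus a KID list), the function names and the sample bytes are assumptions. The fingerprint check relies on the EU DCC convention that a KID is the base64 of the first 8 bytes of the SHA-256 hash of the DER certificate, which this page does not state.

```python
import base64
import hashlib

def kid_for(der: bytes) -> str:
    """EU DCC convention: base64 of the first 8 bytes of SHA-256(DER cert)."""
    return base64.b64encode(hashlib.sha256(der).digest()[:8]).decode()

def build_trust_store(certs_by_kid, valid_kids, deleted_kids=frozenset()):
    """Return ({kid: der_bytes}, {kid: rejection_reason}).

    certs_by_kid : assumed layout of the first JSON, {kid: base64 certificate}
    valid_kids   : assumed layout of the second JSON, [kid, ...]
    deleted_kids : keys the user removed on the device (see Additional Features)
    """
    valid = set(valid_kids)
    trusted, rejected = {}, {}
    for kid, b64_cert in certs_by_kid.items():
        if kid in deleted_kids:
            rejected[kid] = "deleted by user"
            continue
        if kid not in valid:
            rejected[kid] = "not in valid KID list"
            continue
        try:
            der = base64.b64decode(b64_cert, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            rejected[kid] = "malformed base64"
            continue
        # A certificate filed under the wrong KID must never be trusted.
        if kid_for(der) != kid:
            rejected[kid] = "KID does not match certificate fingerprint"
            continue
        trusted[kid] = der
    return trusted, rejected

# Constructed sample data: placeholder bytes stand in for DER certificates.
DER_A, DER_B, DER_C = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"
SAMPLE_CERTS = {
    kid_for(DER_A): base64.b64encode(DER_A).decode(),
    kid_for(DER_B): base64.b64encode(DER_B).decode(),  # absent from valid list
    "AAAAAAAAAAA=": base64.b64encode(DER_C).decode(),  # filed under wrong KID
}
SAMPLE_VALID_KIDS = [kid_for(DER_A), "AAAAAAAAAAA="]

if __name__ == "__main__":
    trusted, rejected = build_trust_store(SAMPLE_CERTS, SAMPLE_VALID_KIDS)
    print("trusted:", list(trusted))
    print("rejected:", rejected)
```

A QR whose KID is missing from the resulting store fails verification before any signature check is attempted.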

Examples

Additional Features

If a public key is expired, the user will have an option to delete it; all certificates that rely on that key and are scanned after its deletion will then be considered invalid.