Public Key List

[ChristianFranke]

The trusted keys which will be used by verifiers are published in a list which includes all public keys together with issuer metadata. The keys which from time to time are used to sign the HCERTs and should be trusted are included on the Trusted List. There are no CAs or other intermediate parties involved in the validation process in the verifier. If a CSCA'ss public keys appear in the list - they are only there to facilitate the creation of the trusted list of public keys itself. They are not used during verification of an HCERT (as this is generally offline -- and purely based on the trusted list of that day).

Where exactly (Url) can I find the list of PublicKeys to check a payload?

[jschlyter]

The public keys are available via the DCC Gateway, and via trusted lists published by the member states. The Swedish trusted list is available at https://dgcg.covidbevis.se/tp/.

[dajiaji]

@jschlyter Can I ask a question? How do countries other than Sweden provide their public key lists for Verifier Apps?

According to this specification, each country can adopt its own method, but I would like to know the actual situation. Specifically, do most countries use the Verifier API defined in https://eu-digital-green-certificates.github.io/dgca-verifier-service/ ? Sorry for bothering you.