Question: Expiration time

ehn-dcc-development / hcert-kotlin

Kotlin multiplatform implementation of the HCERT/DCC specification

Apache License 2.0

25 stars 25 forks source link

Question: Expiration time #26

Closed Alival-IT closed 3 years ago

Alival-IT commented 3 years ago

Hello @nodh

I just wanted to ask if there is a requirement from EU to throw away the data if the signing is expired. I was searching for it but could not find.

    /**
     * `exp` claim SHALL hold a timestamp.
     * Verifier MUST reject the payload after expiration.
     * It MUST not exceed the validity period of the DSC.
     */
    var expirationTime: Instant? = null

nodh commented 3 years ago

That's from the hcert-spec: https://github.com/ehn-dcc-development/hcert-spec/blob/main/hcert_spec.md#335-expiration-time