Please publish the public key needed for verifying EN export files

immuni-app / immuni-documentation

Repo for Immuni's documentation.

Other

936 stars 65 forks source link

Please publish the public key needed for verifying EN export files #114

Closed mt19937-64 closed 1 year ago

mt19937-64 commented 4 years ago

Hi,

based on the Exposure Notification Server specs by Apple and Google, files published via your API at https://get.immuni.gov.it/v1/keys/[:id] are signed with an ECDSA / P-256 private key.

Details of the key at the time of writing are:

    verification_key_version: "v1"
    verification_key_id: "222"

Please make the corresponding public key openly available so that any third party can verify that exposure notification archives downloaded via your API have not been tampered with.

mt19937-64 commented 4 years ago

@immuniopensource is it possible to get an answer or at least an ETA on this? 🙏

mt19937-64 commented 4 years ago

@immuniopensource @immunistaff any update you can share please?