
Document public key used to sign exposure file in production system

Open Bubu opened this issue 3 years ago • 7 comments

It seems that currently the public key used to sign the exposure file/diagnosis keys that the CWA app receives from the backend server isn't documented anywhere.

Having this key publicly available would help enable signature verification in the microG exposure notification framework, see https://github.com/microg/GmsCore/issues/1307 for background discussion.


Internal Tracking ID: EXPOSUREAPP-10469

Bubu avatar Nov 08 '21 13:11 Bubu

@Bubu Thanks for your request. Internal Tracking ID: EXPOSUREAPP-10469

dsarkar avatar Nov 08 '21 13:11 dsarkar

@Bubu This is the public key:

MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEc7DEstcUIRcyk35OYDJ95/hTg3UVhsaDXKT0zK7NhHPXoyzipEnOp3GyNXDVpaPi3cAfQmxeuFMZAIX2+6A5Xg==

We'll need to check where we could put it in this repo.

mlenkeit avatar Nov 08 '21 14:11 mlenkeit
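
Added example, not part of the thread or of the CWA or microG code: a key copied from a comment like the one above can be decoded and sanity-checked before it is pinned. The sketch assumes the posted string is a base64-encoded DER SubjectPublicKeyInfo for an uncompressed NIST P-256 key, which is what its header bytes indicate; the function names are hypothetical.

```python
import base64
import hashlib

# Key string exactly as posted in the comment above.
CWA_KEY_B64 = (
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEc7DEstcUIRcyk35OYDJ95/hTg3UVhsaD"
    "XKT0zK7NhHPXoyzipEnOp3GyNXDVpaPi3cAfQmxeuFMZAIX2+6A5Xg=="
)

# Fixed DER header of a SubjectPublicKeyInfo carrying an uncompressed P-256 point:
# SEQUENCE { SEQUENCE { OID id-ecPublicKey, OID prime256v1 }, BIT STRING, 0 unused bits }
P256_SPKI_PREFIX = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200"
)

# NIST P-256 domain parameters (curve: y^2 = x^3 - 3x + b mod p).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B


def on_p256(x: int, y: int) -> bool:
    """True if (x, y) is in range and satisfies the P-256 curve equation."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x - 3 * x + B)) % P == 0


def inspect_spki(b64_key: str) -> dict:
    """Decode a base64 SPKI blob and sanity-check it before pinning it."""
    der = base64.b64decode(b64_key, validate=True)
    if len(der) != 91 or not der.startswith(P256_SPKI_PREFIX):
        raise ValueError("not a DER SubjectPublicKeyInfo for a P-256 key")
    point = der[len(P256_SPKI_PREFIX):]
    if point[0] != 0x04:
        raise ValueError("expected an uncompressed EC point (0x04 || X || Y)")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:65], "big")
    return {
        "curve": "P-256",
        "on_curve": on_p256(x, y),
        # SHA-256 over the full DER: a short value for comparing pinned copies.
        "spki_sha256": hashlib.sha256(der).hexdigest(),
    }


if __name__ == "__main__":
    print(inspect_spki(CWA_KEY_B64))
```

Comparing the printed `spki_sha256` against the same digest computed from a second source is a quick way to detect a copy-and-paste error in the pinned value.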

@Bubu In the past, signature verification by Google's ENS could take an incredibly high amount of time for unknown reasons for older/low-end phones. On my LG-G4 it took around 70s in one test (derived from syslog some months ago). I'd suggest to do some performance checks when you enable it for microG. If microG has no problems at all speedily verifying signatures, then I'd suggest to have a look into Google's code (if possible) and file a bug report to them. Unfortunately, since Google deactivated syslog for ENS in Europe due to data privacy reasons (elsewhere it's still active 😠 ), it's not possible to benchmark Google's signature verification currently.

vaubaehn avatar Nov 08 '21 19:11 vaubaehn

@vaubaehn I just did a very minimal test with the public key from above added to the microG lib and verification was still very fast. I'm not too concerned about debugging Google's implementation here though, I'll leave that to others :-).

@mlenkeit Thank you for the super quick reply to this issue! As noted above, I added the key and everything seems to be working :+1:.

Bubu avatar Nov 09 '21 14:11 Bubu

@Bubu Thanks for the feedback. Happy to hear it's working well. So, if I got it right, ENS is actively downloading the public key every time for signature verification? Then here's probably the bottleneck that I experienced... Good you can hard code the keys into microG.

> I'm not too concerned about debugging Google's implementation here though, I'll leave that to others :-).

True 😋

vaubaehn avatar Nov 11 '21 14:11 vaubaehn

@vaubaehn

> If I got it right, ENS is actively downloading the public key every time for signature verification?

No, as far as I understand, apps have to provide their public key to Google/Apple when they request access to the ENF. At least that's what I gleaned from the respective documentations (Google), so I guess they keep an offline list of them somewhere in the ENF.

The comparing of the downloaded Diagnosis Keys (of people who are exposed) with the RPI collected by your phone gets more demanding as more people get sick, since your phone calculates all RPIs for all people who are sick (since it does not know anything about location, so if someone in Berlin gets sick and you live in Wuppertal you will still calculate his RPIs). I am guessing that's quite a lot to handle for older phones maybe? But I never actually benchmarked any of this.

awaigand avatar Nov 20 '21 22:11 awaigand

@mlenkeit Did you meanwhile find a place where the key could be added?

Ein-Tim avatar Apr 18 '22 19:04 Ein-Tim