Versions Compared

Version Old Version 3 New Version 4
Changes made by

Magnus Lundgren (Unlicensed)

Fredrik Ljunggren

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The purpose of the interim key-storage is to get online with an common a temporary AB for the early-adapting participants of the Mobile Ticket SpecificationSpecifications. This is not an a complete AB as we believe there are more functions to come. The API is based upon the same principles as the coming API-specs from the project, but the permanent solution will be more detailed.

The interim solution for key storage is divided into two parts:

  • The key storage where everyone can fetch the key-list on an open url. The keylist can be fetched from http://api.mobileticket.se/keylist The keylist is updated every 5 minutes.
  • The key handling in which an a client with an a PID via email can send in an new public keypublish or remove public keys.

Keylist

The keylist can be fetched from <URL>


Key handling

 

Key-management

Overview

In the interim key

handling new

-management mechanism, keys are published

on the keylist via email. Keys

to and removed from the keylist via preformatted signed e-mail to the AB.

Each Participant (with an assigned PID) can take part in the key-management after a "hand shake" where the Participant physically deliver, to a delegate of the AB, their public component of the key used for signing the key-management e-mails.

The key-management key will be verified with a signed message in return to the Participant.

The keys shall be delivered within an JWS according to mts4 but

with the following content:The JWS Protected Header shall contain the following fields:
{
"alg": 'EC',
  "kid": string <kid defined from the AB>,
  "authid": string <your PID> ,
 "notvalidafter": integer (unix timestamp),
  "serial": integer (serialNumber),
}

The JWS Payload shall contain the following fields:

{
    'mtbPublicKeys'  [ JWK Object, JWK Object .. JWK Object ],
}

 

 

specified as in here.

Key management requests are sent via e-mail to keyhandling@mobileticket.se. After successfully authenticating the content of the e-mails, key information are subject to a manual check and then imported into the key management system.

After a successful import the system will send a confirmation email to the predefined recipient of the Participant.

All transactions will be logged.