Skip to content
This repository has been archived by the owner on Oct 31, 2021. It is now read-only.

EFGS integration

Jump to bottom
vonStichen edited this page Dec 3, 2020 · 3 revisions

eRouška is part of a common European effort called EFGS - European Federation Gateway Service which servers for the international exchange of infected TEKs.

flow diagram

As part of this integration, several functions were implemented:

  1. PublishKeys for collecting uploaded keys - this is a proxy to Key Server
  2. EfgsUploadBatch for upload of collected keys in a batch
  3. EfgsDownloadBatch for download of foreign keys from EFGS
  4. EfgsCallback for receiving info about prepared batch - triggers EfgsDownloadBatch

Because interaction with EFGS is secured by cryptography, some certificates and related keys are needed. They are stored in Google Secrets Manager with the functions having access rights there.

EFGS Patterns Overview

EU Member States that are part of the EFGS scheme choose one of the following integration patterns.

Country of Interest pattern

The EN API app prompts the user to pick countries the user visits. Keys from this user uploaded to EFGS have the list of visited countries attached. The app of the user downloads all the keys marked for the home country of the user as well as all the keys marked for the countries the user picked.

EU Traveller pattern

The EN API app prompts the user to state whether he travels outside his home country. Keys from a travelling user have the full-country list of visited countries attached, as he may have travelled to any one of the list. Keys from a non-travelling user have the visited countries list empty. The app of the travelling user downloads all the keys marked for the home country of the user as well as all the keys marked for all the countries participating in the EFGS (again, as he may have travelled to any one of the list). The app of the non-travelling user downloads only the keys marked for the home country of the user.

One World pattern

The user does not specify whether he travels or where. Keys from the user have the full-country list of visited countries attached, as he may have travelled to any one of the list. The app of the user downloads all the keys marked for the home country of the user as well as all the keys marked for all the countries participating in the EFGS (again, as he may have travelled to any one of the list).

eRouska pattern

eRouska will be using the EU Traveller scheme.

Upload to EFGS

Keys received from eRouska users will have inter alia the following attributes:

  • consentToFederation (boolean)
  • traveler (boolean)

The value of the attributes is based on the user's decision upon the upload of the keys. Keys with consentToFederation = true will be uploaded to EFGS. Keys with consentToFederation = false will not. Keys with traveler = true will be marked for every country in the EFGS. Keys with traveler = false will be marked for CZ only.

Download from EFGS

Keys marked with "CZ" in the visitedCountries list will be mixed into the Czech file. Keys not marked with "CZ" in the visitedCountries list will be stored in individual files based on the keys' country of origin. eRouska users which are non-travellers will download the Czech file only. eRouska users which are travellers will download the Czech file and every other file.

Clone this wiki locally