Exposure Notification Reference Key Server

View on GitHub

Getting Started

    How to Deploy
    Application Configuration
    How to Publish Keys
    How to Download Keys
    Key Server Migration Guide
    Estimating the Cost of Deployment


    Server Deployment Options
    Server Functional Requirements
    Verification Protocol Design
    API Definitions

Migration to Google Exposure Notifications Server

This document outlines the process for migrating an existing Exposure Notifications server to the Google Exposure Notifications server. This process applies regardless of whether your Exposure Notifications server uses this codebase.



Migration Process

Configure state exports for a second location

The state server must generate export files in a second location (for consuption by the national sever). This is necessary because the state sever will need to continue to produce state-level exports for migration reasons, but will need to keep client-facing exports in their current location.

It is recommended to use a separate signing key for these exports than the one already used for exports destined for clients. This is only a recommendation and is not necessary since the current signing key will be rotated away from client usage.

Start importing keys

Configure the export-importer job to import keys from the state server to the national server.

This requres that the public key portion of the export signing key for the state is shared with the national server.

These imported keys will start being shared as part of the national export.

Export mirroring

These next actions need to happen as quickly as possible, and as close together as possible.

The state will rotate it’s signing key to be that of the national server by informing Apple and Google of the change. It’s best to request an expedited rotation if available.

Configure the state server to mirror the national exports on the currently known client CDN / download location.

This can be done via the mirror job (./cmd/mirror) located in this repository.

End state

All client apps for the state will now be uploading keys to the state server and downloading keys from the national server. This gives all users full coverage.

This is a terminal state for the read-only migration option.

Full migration / application update

The state will now push a client application update that directs clients to upload to and download from the national server directly.

When this is done, the state server can be decommissioned and the export-importer job turned down.

If this is being down through an App Store / Play Store application update, this may take a while and it is up to the state to determine what an appropriate amount of time to run in this exprort-import-mirror state is.

Edit this page