COMMISSION IMPLEMENTING DECISION (EU) 2021/1073
of 28 June 2021
laying down technical specifications and rules for the implementation of the trust framework for the EU Digital COVID Certificate established by Regulation (EU) 2021/953 of the European Parliament and of the Council
(Text with EEA relevance)
Article 1
Article 2
Article 3
Article 4
ANNEX I
FORMAT AND TRUST MANAGEMENT
Generic data structure, encoding mechanisms and transport encoding mechanism in a machine-readable optical format (hereinafter called ‘QR’)
1. Introduction
2. Terminology
3. Electronic Health Certificate Container Format
3.1. Structure of the payload
3.2. CWT Claims
3.2.1. CWT Structure Overview
3.2.2. Signature Algorithm
3.2.3. Key Identifier
3.2.4. Issuer
3.2.5. Expiration Time
3.2.6. Issued At
3.2.7. Health Certificate Claim
4. Serialisation and creation of the DCC payload
5. Transport Encodings
5.1. Raw
5.2. Barcode
5.2.1. Payload (CWT) Compression
5.2.2. QR 2D Barcode
6. Trust List Format (CSCA and DSC list)
6.1. Simplified CSCA/DSC
6.2. ICAO eMRTD PKI and Trust Centers
7. Security Considerations
7.1. HCERT signature validity time
7.2. Key management
7.3. Input data validation
8. Trust Management
8.1. The Key Identifier (kids)
8.2. Differences to the ICAO eMRTD PKI trust model
ANNEX II
RULES FOR THE PURPOSE OF POPULATING THE EU DIGITAL COVID CERTIFICATE
1. Disease or agent targeted/Disease or agent from which the holder has recovered: COVID-19 (SARS-CoV-2 or one of its variants)
2. COVID-19 vaccine or prophylaxis
3. COVID-19 vaccine medicinal product
4. COVID-19 vaccine marketing authorisation holder or manufacturer
5. Number in a series of doses as well as the overall number of doses in the series
6. Member State or third country in which the vaccine was administered/test was carried out
7. The type of test
8. Manufacturer and commercial name of the test used (optional for NAAT test)
9. Result of the test
ANNEX III
COMMON STRUCTURE OF THE UNIQUE CERTIFICATE IDENTIFIER
1. Introduction
2. Composition of the unique certificate identifier
3. General requirements
4. Options for unique certificate identifiers for vaccination certificates
ANNEX IV
PUBLIC KEY CERTIFICATE GOVERNANCE
1. Introduction
2. Terminology
Term | Definition
Certificate | Or public key certificate. An X.509 v3 certificate that contains the public key of an entity
CSCA | Country Signing Certificate Authority
DCC | EU Digital COVID Certificate. A signed digital document that contains vaccination, test or recovery information
DCCG | EU Digital COVID Certificate Gateway. This system is used to exchange DSCs between the Member States
DCCGTA | The Trust Anchor certificate of the DCCG. The corresponding private key is used to sign the list of all CSCA certificates offline
DCCGTLS | The TLS server certificate of the DCCG
DSC | Document Signer Certificate. The Public Key Certificate of a Member State’s document signing authority (for example, a system that is allowed to sign DCCs). This certificate is issued by the CSCA of the Member State
EC-DSA | Elliptic Curve Digital Signature Algorithm. A cryptographic signature algorithm based on elliptic curves
Member State | Member State of the European Union
mTLS | Mutual TLS. The Transport Layer Security Protocol with mutual authentication
NB | National backend of a Member State
NBCSCA | The CSCA certificate of a Member State (could be more than one)
NBTLS | The TLS client authentication certificate of a national backend
NBUP | The certificate that a national backend uses to sign data packages that are uploaded to the DCCG
PKI | Public Key Infrastructure. Trust model based on public key certificates and certificate authorities
RSA | Asymmetric cryptographic algorithm based on integer factorization used for digital signatures or asymmetric encryption
3. DCCG communication flows and security services
3.1. Authentication and connection establishment
3.2. Country Signing Certificate Authorities and Validation Model
3.3. Integrity and authenticity of uploaded data
3.4. Requirements on the technical DCCG architecture
4. Certificate Lifecycle Management
4.1. Registration of National Backends
4.2. Certificate authorities, validity periods and renewal
4.3. Revocation of certificates
5. Certificate Templates
5.1. Cryptographic requirements
5.1.1. Requirements on the DSC
5.1.2. Requirements on TLS, Upload and CSCA certificates
Signature Algorithm | Key size | Hash function
EC-DSA | Min. 250 Bit | SHA-2 with an output length ≥ 256 Bit
RSA-PSS (recommended padding), RSA-PKCS#1 v1.5 (legacy padding) | Min. 3000 Bit RSA Modulus (N) with a public exponent e > 2^16 | SHA-2 with an output length ≥ 256 Bit
DSA | Min. 3000 Bit prime p, 250 Bit key q | SHA-2 with an output length ≥ 256 Bit
5.2. CSCA certificate (NBCSCA)
Field | Value
Subject | cn=<non-empty and unique common name>, o=<Provider>, c=<Member State operating the CSCA>
Key usage | certificate signing, CRL signing (at minimum)
Basic Constraints | CA = true, path length constraints = 0
5.3. Document Signer Certificate (DSC)
Field | Value
Serial Number | unique serial number
Subject | cn=<non-empty and unique common name>, o=<Provider>, c=<Member State that uses this DSC>
Key Usage | digital signature (at minimum)
Field | Value
extendedKeyUsage | 1.3.6.1.4.1.1847.2021.1.1 for Test Issuers
extendedKeyUsage | 1.3.6.1.4.1.1847.2021.1.2 for Vaccination Issuers
extendedKeyUsage | 1.3.6.1.4.1.1847.2021.1.3 for Recovery Issuers
5.4. Upload Certificates (NBUP)
Field | Value
Subject | cn=<non-empty and unique common name>, o=<Provider>, c=<Member State that uses this upload certificate>
Key Usage | digital signature (at minimum)
5.5. National Backend TLS Client Authentication (NBTLS)
Field | Value
Subject | cn=<non-empty and unique common name>, o=<Provider>, c=<Member State on the NB>
Key Usage | digital signature (at minimum)
Extended key usage | client authentication (1.3.6.1.5.5.7.3.2)
5.6. Trust list signature certificate (DCCGTA)
Field | Value
Subject | cn=Digital Green Certificate Gateway (5), o=<Provider>, c=<country>
Key Usage | digital signature (at minimum)
5.7. DCCG TLS Server certificates (DCCGTLS)
Field | Value
Subject | cn=<FQDN or IP address of the DCCG>, o=<Provider>, c=<country>
SubjectAltName | dNSName: <DCCG DNS name> or iPAddress: <DCCG IP address>
Key Usage | digital signature (at minimum)
Extended Key usage | server authentication (1.3.6.1.5.5.7.3.1)