Introduction

This repository contains the template for building onboarding informations for the Smart Trust Network Attendees. This includes CSCAs, Auth information, signing information and other relevant files for onboarding a participant.

Prerequisites

Collect this information and transfer it for each environment:

Create an private git repository on github.
Prepare the following information for onboarding request:
- Environment Repository (all private to hide uploader's identity) (DEV, UAT, PROD)
- Repository URL
- Invite WHO Bot User to Repository (with read rights). The Bot User is: tng-bot for production and tng-bot-dev for development and acceptance environments.
- Create GPG Keys for responsible persons for each environment (for tagging)
Fill in content for your country:
- for DEV and UAT environments you may use the conf files and the certgen bash script as a guideline
Send an onboarding/participation request to tng-support@who.int

GPG Keys

Follow the instructions to create a key.

Algorithm RSA or EC. Minimum Keylength 4096 bit (RSA) or 256 bit (EC)

Procedure

The Repo will be onboarded + the Public GPG keys. Export it by using:

gpg --amor --export [key-id]

Keys can be listed by:

gpg -k

Tag the version of your latest informations by using git tag + signing commands either from terminal or developer IDE. Please Note that an update in github web desktop itself is not working, because the platform will use an intermediate key.
The Bot user clones the latest tag of your private repo and verifies the signature of the tag against the onboarded GPG keys
After verification the content will be taken over for your country
The bot creates a PR

Domains

For further domains, add a new folder under onboarding and copy the DCC folder structure.

Available Domains:

DCC
DDCC
DIVOC
ICAO
SHC

Trusted Issuer