Where to find the Encryption Certificate

dragon_king · September 6, 2023, 9:13am

in the mds specification document

the document said i can download the certificates from the blew url.
POST https://{base_url}/v1/masterdata/device/encryptioncertficates`

The Encryption Certificate is used the encrypt the bio Data.
I deploy the sandbox env , but i don’t know the base_url. and I also can not find the path is the mosip github code.

sanchi-singh24 · September 7, 2023, 6:33am

Hey @dragon_king

Thanks for raising the concern I will ask one of my team members to look into this asap and guide you.

Best Regards,
Team MOSIP

dragon_king · September 8, 2023, 12:29am

is the certificate the same as the certificate get from IDA with applicationId=IDA and referenceId=IDA-FIR.

or from ida-internal-service swagger (requires authmanager token authentication): https://domain/idauthentication/v1/internal/swagger-ui.html#/keymanager/getCertificateUsingGET 1

Roady · September 14, 2023, 2:43pm

Hi @dragon_king

I think you are correct. The IDA-FIR is downloaded from the above URL which needs authentication. I also see the same in MOSIP’s mock application.

github.com

mosip/mosip-mock-services/blob/d7e3525a9d0f9866b4987feef48f9f81f3588388/MockMDS/application.properties#L93


      
          mosip.mock.sbi.folder.profile=/Profile

          mosip.mock.sbi.file.folder.default=/Profile/Default

          

          mosip.kernel.crypto.sign-algorithm-name=RS256

          

          mosip.auth.server.url=https://extint1.mosip.net/v1/authmanager/authenticate/clientidsecretkey

          mosip.auth.appid=regproc

          mosip.auth.clientid=mosip-regproc-client

          mosip.auth.secretkey=abc123

          

          mosip.ida.server.url=https://extint1.mosip.net/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=IDA-FIR

          

          mds_ERROR_0_msg_en=Success

          

          mds_ERROR_100_msg_en=Device not registered

          mds_ERROR_101_msg_en=Unable to detect a biometric object

          mds_ERROR_102_msg_en=Technical error during extraction

          mds_ERROR_103_msg_en=Device tamper detected

          mds_ERROR_104_msg_en=Unable to connect to management server

          mds_ERROR_105_msg_en=Image orientation error

          mds_ERROR_106_msg_en=Device not found

MOSIP team, can you confirm this?

You need to fix this in your MDS specifications as I don’t see any API related to encryption certificate exposed from masterdata service.

Thanks,
Roady

LoganathanSekar7627 · September 15, 2023, 10:16am

@dragon_king , In real MDS the certificate should be taken from the .cer file as the same will be shared to the MDS providers as a .cer file. This mock-mds implementation which is taking the certificate from IDA internal service is purely for the ease of configuration but the same should not be followed on real MDS.

dragon_king · September 18, 2023, 12:45am

thanks. In the ctk env, I use the encryption here below as the image show.

sanchi-singh24 · September 18, 2023, 7:17am

I hope your issue is resolved @dragon_king