PKI Architecture

RootLens's three-layer certificate hierarchy for app-level content signing.

Scope
This page describes the PKI used for RootLens app-level signing. Hardware-level signers (Google, Sony, Leica) use their own PKI managed by the respective manufacturer.

Certificate Hierarchy

  • Root CA (AWS KMS, 20 years)
    • iOS Intermediate CA (AWS KMS)
      • Device Certificate (90-day, TEE key)
    • Android Intermediate CA (AWS KMS)
      • Device Certificate (90-day, TEE key)

| Property  | Root CA              | Intermediate CA | Device Cert      |
|-----------|----------------------|-----------------|------------------|
| Algorithm | ECDSA P-256          | ECDSA P-256     | ECDSA P-256      |
| Storage   | AWS KMS              | AWS KMS         | Device TEE       |
| Validity  | 20 years             |                 | 90 days          |
| CA        | TRUE, pathLen:1      | TRUE, pathLen:0 | FALSE            |
| Key Usage | keyCertSign, cRLSign | keyCertSign     | digitalSignature |

Design Decisions

Platform Isolation

iOS and Android have separate Intermediate CAs, each with its own KMS key. If one platform's ICA is compromised, it can be revoked without affecting the other platform. The pathLenConstraint of 0 on each ICA prevents it from issuing subordinate CA certificates, so no further delegation is possible below the ICA.

Short-Lived Device Certificates

Device Certificates are valid for only 90 days. This limits the window of exposure if a device is compromised. Certificates are renewed automatically 14 days before expiry in the background, without blocking the user.

KMS for Root and Intermediate CAs

The Root CA and Intermediate CA private keys live inside AWS KMS and cannot be exported.

Certificate Issuance Flow

  1. Device: Generate key pair in TEE (EC P-256, Secure Enclave / StrongBox)
  2. Device: Create CSR (self-signed = proof of possession)
  3. Device: Platform Attestation (iOS: App Attest / Android: Key Attestation + Play Integrity)
  4. Device → Server: CSR + Attestation
  5-7. Server: Verify CSR signature, key algorithm, Platform Attestation
  8. Server: Sign Device Certificate (ICA key via KMS)
  9. Server → Device: Device Cert + ICA Cert + Root Cert
  10. Device: Store cert chain in TEE (auto-renewal 14 days before expiry)

Key Binding Verification

The server must verify that the public key in the CSR matches the key attested by the platform:

| Platform                | Binding Method |
|-------------------------|----------------|
| Android Key Attestation | The attestation certificate chain's leaf certificate contains the public key that was generated in the TEE. The server compares this public key with the CSR's public key. A match proves the CSR key lives in the TEE. |
| Android Play Integrity  | The nonce in the integrity token is SHA-256(CSR), binding the token to the specific CSR. |
| iOS App Attest          | clientDataHash = SHA-256(CSR) is passed to the attestation API, binding the attestation to the CSR. |
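The server-side checks of steps 5-7 and the key-binding comparison above, as an added Go example that is not RootLens code: it verifies the CSR self-signature, requires an EC P-256 key, compares the CSR key with the public key in the attestation leaf certificate, and returns SHA-256(CSR) for the nonce / clientDataHash comparison. The attestation leaf here is a constructed self-signed stand-in; a real server would first validate the platform attestation chain before trusting the key it carries.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"math/big"
	"time"
)

// VerifyCSRBinding runs the server-side checks of steps 5-7: CSR self-signature
// (proof of possession), key algorithm (EC P-256) and key binding against the
// attestation leaf. It returns SHA-256(CSR), the expected nonce/clientDataHash.
func VerifyCSRBinding(csrDER []byte, attestLeaf *x509.Certificate) (nonce [32]byte, err error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nonce, err
	}
	if err = csr.CheckSignature(); err != nil {
		return nonce, errors.New("proof of possession failed: " + err.Error())
	}
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() {
		return nonce, errors.New("CSR key is not ECDSA P-256")
	}
	if attPub, ok := attestLeaf.PublicKey.(*ecdsa.PublicKey); !ok || !attPub.Equal(pub) {
		return nonce, errors.New("CSR key does not match the attested key")
	}
	return sha256.Sum256(csrDER), nil
}

// buildSample constructs input (not a real platform attestation): a CSR self-signed
// by csrKey and a self-signed stand-in attestation leaf carrying attestedKey's public key.
func buildSample(csrKey, attestedKey *ecdsa.PrivateKey) ([]byte, *x509.Certificate, error) {
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, csrKey)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	leafDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &attestedKey.PublicKey, attestedKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	return csrDER, leaf, err
}
```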

Certificate Revocation

A CRL (Certificate Revocation List) is published at /api/v1/crl. Revoked certificates are tracked by serial number in the database. The 90-day validity of Device Certificates provides a natural expiry mechanism — even without explicit revocation, a compromised certificate becomes unusable within 90 days.

PKI Rotation Detection

The app periodically checks whether the stored Device Certificate was signed by the current Intermediate CA. If the ICA has been rotated (e.g., due to a security incident), the check fails and the app re-provisions a new Device Certificate.