Last I checked, the process of procuring a ‘digital-sky’ public key was hacky.
Most implementations rely on extracting the public-key from a certificate embedded in the response of a Fly Drone Permission Artifact Download API call.
You can find the API here -
Here’s the rough workflow for the above method -
- The digital-sky platform signs a Permission Artifact with its private key.
- The public key corresponding to this private key is embedded in an X.509 certificate.
- The response to the Fly Drone Permission Artifact Download API call contains both the signature and the certificate.
- We extract the public key and use it to verify the Permission Artifact.
However, this is not ideal when procuring crypto-keys. For situations such as this, we need to use an out-of-band mechanism to retrieve the public-key for security reasons.
- Decoupling the API call from the ‘public key retrieval process’ is recommended, as a bug in the API call wouldn’t compromise the entire verification process.
- Out-of-band mechanisms can further be expanded to add additional authentication schemes such as mutual TLS etc. for added security.
Note: I’m not sure if the situation has changed but you can refer to the digital sky forum for more info or the latest RPAS guidance manual - https://go.aws/2T4jdTt
On the ‘what stage’ part of your question - this has to happen before you can make the Fly Drone Permission Artifact Download API call.
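One way to apply the out-of-band idea described above while the certificate still arrives inside the API response is to accept it only if it matches a fingerprint that was provisioned separately. This is an added example, not code from the original post or from the digital-sky platform; the function names, the base64/PEM certificate field and the pin store are assumptions, and the "certificates" are constructed stand-in bytes. Signature verification with the accepted certificate's key would follow and is not shown.

```python
import base64
import binascii
import hashlib
import hmac


class UntrustedCertificate(Exception):
    """The certificate in the API response matches no out-of-band pin."""


def cert_der_from_response(cert_field: str) -> bytes:
    """Decode a base64 or PEM-armoured certificate string to DER bytes."""
    lines = [ln.strip() for ln in cert_field.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    try:
        return base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UntrustedCertificate("certificate field is not valid base64") from exc


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER bytes as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def trusted_cert_der(cert_field: str, pinned: set[str]) -> bytes:
    """Return the DER bytes only if their SHA-256 matches an out-of-band pin."""
    der = cert_der_from_response(cert_field)
    fp = fingerprint(der)
    # Constant-time comparison per pin; several pins allow for key rotation.
    if not any(hmac.compare_digest(fp, p.lower().replace(":", "")) for p in pinned):
        raise UntrustedCertificate(f"unpinned certificate {fp}")
    return der


# Constructed stand-ins for DER certificates (not real X.509 data).
GENUINE = b"constructed-platform-certificate"
SWAPPED = b"constructed-substituted-certificate"
# Pin assumed to be provisioned out-of-band, separately from the API response.
PINS = {fingerprint(GENUINE)}


def demo() -> tuple[bool, bool]:
    """Genuine certificate is accepted; a substituted one is rejected."""
    ok = trusted_cert_der(base64.b64encode(GENUINE).decode(), PINS) == GENUINE
    try:
        trusted_cert_der(base64.b64encode(SWAPPED).decode(), PINS)
        return ok, False
    except UntrustedCertificate:
        return ok, True
```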