diff --git a/.idea/FIT-Connect-PoC.iml b/.idea/FIT-Connect-PoC.iml new file mode 100644 index 0000000000000000000000000000000000000000..6711606311e2664bd835f92b5c114681d2e284f5 --- /dev/null +++ b/.idea/FIT-Connect-PoC.iml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<module type="PYTHON_MODULE" version="4"> + <component name="NewModuleRootManager"> + <content url="file://$MODULE_DIR$" /> + <orderEntry type="inheritedJdk" /> + <orderEntry type="sourceFolder" forTests="false" /> + </component> + <component name="TestRunnerService"> + <option name="PROJECT_TEST_RUNNER" value="Unittests" /> + </component> +</module> \ No newline at end of file diff --git a/.idea/encodings.xml b/.idea/encodings.xml new file mode 100644 index 0000000000000000000000000000000000000000..15a15b218a29e09c9190992732698d646e4d659a --- /dev/null +++ b/.idea/encodings.xml @@ -0,0 +1,4 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project version="4"> + <component name="Encoding" addBOMForNewFiles="with NO BOM" /> +</project> \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100644 index 0000000000000000000000000000000000000000..865611434f0cce78ec2223c6c4d52a717e8ec1c1 --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project version="4"> + <component name="JavaScriptSettings"> + <option name="languageLevel" value="ES6" /> + </component> + <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.7" project-jdk-type="Python SDK" /> +</project> \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000000000000000000000000000000000000..781a346b4fae10025029053e92ac6d420597cb9d --- /dev/null +++ b/.idea/modules.xml 
@@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project version="4"> + <component name="ProjectModuleManager"> + <modules> + <module fileurl="file://$PROJECT_DIR$/.idea/FIT-Connect-PoC.iml" filepath="$PROJECT_DIR$/.idea/FIT-Connect-PoC.iml" /> + </modules> + </component> +</project> \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000000000000000000000000000000000000..94a25f7f4cb416c083d265558da75d457237d671 --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project version="4"> + <component name="VcsDirectoryMappings"> + <mapping directory="$PROJECT_DIR$" vcs="Git" /> + </component> +</project> \ No newline at end of file diff --git a/.idea/workspace.xml b/.idea/workspace.xml new file mode 100644 index 0000000000000000000000000000000000000000..b494ee47d94e643a6da13dd9a82f899076067f38 --- /dev/null +++ b/.idea/workspace.xml 
@@ -0,0 +1,339 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project version="4"> + <component name="ChangeListManager"> + <list default="true" id="754e8bb5-b2bb-4f04-b2b4-56f3999c3d27" name="Default Changelist" comment=""> + <change beforePath="$PROJECT_DIR$/docs/Detailinformationen/Encryption.md" beforeDir="false" afterPath="$PROJECT_DIR$/docs/Detailinformationen/Encryption.md" afterDir="false" /> + </list> + <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" /> + <option name="SHOW_DIALOG" value="false" /> + <option name="HIGHLIGHT_CONFLICTS" value="true" /> + <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" /> + <option name="LAST_RESOLUTION" value="IGNORE" /> + </component> + <component name="FileEditorManager"> + <leaf> + <file pinned="false" current-in-tab="true"> + <entry file="file://$PROJECT_DIR$/docs/Detailinformationen/Encryption.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor relative-caret-position="525"> + <caret line="35" selection-start-line="35" selection-end-line="35" /> + </first_editor> + <second_editor /> + </state> + </provider> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry file="file://$PROJECT_DIR$/docs/Detailinformationen/Glossar.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry file="file://$PROJECT_DIR$/docs/2_Quick_Reference.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor relative-caret-position="-143" /> + <second_editor /> + </state> + </provider> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry 
file="file://$PROJECT_DIR$/docs/3_Use_Cases_der_API.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor relative-caret-position="202"> + <caret line="28" column="25" selection-start-line="28" selection-start-column="4" selection-end-line="28" selection-end-column="25" /> + </first_editor> + <second_editor /> + </state> + </provider> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry file="file://$PROJECT_DIR$/docs/4_Authentifizierung_und_Autorisierung.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry file="file://$PROJECT_DIR$/docs/5_Status-_und_Fehlercodes.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry file="file://$PROJECT_DIR$/README.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry file="file://$PROJECT_DIR$/assets/images/api_overview/destination-id_publishing_jurisdiction-finder.png"> + <provider selected="true" editor-type-id="images" /> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry file="file://$PROJECT_DIR$/assets/images/api_overview/FIEP_strategic_vision.png"> + <provider selected="true" editor-type-id="images" /> + </entry> + </file> + <file pinned="false" current-in-tab="false"> + <entry 
file="file://$PROJECT_DIR$/assets/images/api_overview/future_integrationarchitecture.jpg"> + <provider selected="true" editor-type-id="images" /> + </entry> + </file> + </leaf> + </component> + <component name="Git.Settings"> + <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" /> + </component> + <component name="IdeDocumentHistory"> + <option name="CHANGED_PATHS"> + <list> + <option value="$PROJECT_DIR$/docs/Detailinformationen/Encryption.md" /> + </list> + </option> + </component> + <component name="ProjectFrameBounds" extendedState="6"> + <option name="x" value="7" /> + <option name="y" value="286" /> + <option name="width" value="1680" /> + <option name="height" value="974" /> + </component> + <component name="ProjectView"> + <navigator proportions="" version="1"> + <foldersAlwaysOnTop value="true" /> + </navigator> + <panes> + <pane id="Scope" /> + <pane id="ProjectPane"> + <subPane> + <expand> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="assets" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="assets" type="462c0819:PsiDirectoryNode" /> + <item name="images" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="assets" type="462c0819:PsiDirectoryNode" /> + <item name="images" type="462c0819:PsiDirectoryNode" /> + <item name="api_overview" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + 
<item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="assets" type="462c0819:PsiDirectoryNode" /> + <item name="images" type="462c0819:PsiDirectoryNode" /> + <item name="encryption" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="docs" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="docs" type="462c0819:PsiDirectoryNode" /> + <item name="Detailinformationen" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="models" type="462c0819:PsiDirectoryNode" /> + </path> + <path> + <item name="FIT-Connect-PoC" type="b2602c69:ProjectViewProjectNode" /> + <item name="FIT-Connect-PoC" type="462c0819:PsiDirectoryNode" /> + <item name="reference" type="462c0819:PsiDirectoryNode" /> + </path> + </expand> + <select /> + </subPane> + </pane> + </panes> + </component> + <component name="PropertiesComponent"> + <property name="WebServerToolWindowFactoryState" value="false" /> + <property name="nodejs_interpreter_path.stuck_in_default_project" value="undefined stuck path" /> + <property name="nodejs_npm_path_reset_for_default_project" value="true" /> + <property name="settings.editor.selected.configurable" value="configurable.group.appearance" /> + </component> + <component name="RunDashboard"> + <option name="ruleStates"> + <list> + <RuleState> + <option name="name" value="ConfigurationTypeDashboardGroupingRule" /> + </RuleState> + <RuleState> + <option name="name" value="StatusDashboardGroupingRule" /> + </RuleState> + </list> + </option> + </component> + <component 
name="SvnConfiguration"> + <configuration /> + </component> + <component name="TaskManager"> + <task active="true" id="Default" summary="Default task"> + <changelist id="754e8bb5-b2bb-4f04-b2b4-56f3999c3d27" name="Default Changelist" comment="" /> + <created>1618850679552</created> + <option name="number" value="Default" /> + <option name="presentableId" value="Default" /> + <updated>1618850679552</updated> + <workItem from="1618850682293" duration="3650000" /> + </task> + <servers /> + </component> + <component name="TimeTrackingManager"> + <option name="totallyTimeSpent" value="3650000" /> + </component> + <component name="ToolWindowManager"> + <frame x="0" y="26" width="1680" height="974" extended-state="6" /> + <editor active="true" /> + <layout> + <window_info id="Favorites" side_tool="true" /> + <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.01831502" /> + <window_info id="Structure" order="1" side_tool="true" weight="0.25" /> + <window_info anchor="bottom" id="Docker" show_stripe_button="false" /> + <window_info anchor="bottom" id="Database Changes" /> + <window_info anchor="bottom" id="Version Control" /> + <window_info anchor="bottom" id="Python Console" /> + <window_info anchor="bottom" id="Terminal" /> + <window_info anchor="bottom" id="Event Log" side_tool="true" /> + <window_info anchor="bottom" id="Message" order="0" /> + <window_info anchor="bottom" id="Find" order="1" /> + <window_info anchor="bottom" id="Run" order="2" /> + <window_info anchor="bottom" id="Debug" order="3" weight="0.4" /> + <window_info anchor="bottom" id="Cvs" order="4" weight="0.25" /> + <window_info anchor="bottom" id="Inspection" order="5" weight="0.4" /> + <window_info anchor="bottom" id="TODO" order="6" /> + <window_info anchor="right" id="SciView" /> + <window_info anchor="right" id="Database" /> + <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" /> + <window_info 
anchor="right" id="Ant Build" order="1" weight="0.25" /> + <window_info anchor="right" content_ui="combo" id="Hierarchy" order="2" weight="0.25" /> + </layout> + </component> + <component name="TypeScriptGeneratedFilesManager"> + <option name="version" value="1" /> + </component> + <component name="editorHistoryManager"> + <entry file="file://$PROJECT_DIR$/docs/Detailinformationen/Begrenzung_von_Abrufen.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + <entry file="file://$PROJECT_DIR$/docs/Detailinformationen/Callback.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor relative-caret-position="-22" /> + <second_editor /> + </state> + </provider> + </entry> + <entry file="file://$PROJECT_DIR$/docs/Detailinformationen/Glossar.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + <entry file="file://$PROJECT_DIR$/docs/2_Quick_Reference.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor relative-caret-position="-143" /> + <second_editor /> + </state> + </provider> + </entry> + <entry file="file://$PROJECT_DIR$/docs/3_Use_Cases_der_API.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor relative-caret-position="202"> + <caret line="28" column="25" selection-start-line="28" selection-start-column="4" selection-end-line="28" selection-end-column="25" /> + </first_editor> + <second_editor /> + </state> + </provider> + </entry> + <entry 
file="file://$PROJECT_DIR$/docs/4_Authentifizierung_und_Autorisierung.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + <entry file="file://$PROJECT_DIR$/docs/5_Status-_und_Fehlercodes.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + <entry file="file://$PROJECT_DIR$/README.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor /> + <second_editor /> + </state> + </provider> + </entry> + <entry file="file://$PROJECT_DIR$/assets/images/api_overview/destination-id_publishing_jurisdiction-finder.png"> + <provider selected="true" editor-type-id="images" /> + </entry> + <entry file="file://$PROJECT_DIR$/assets/images/api_overview/FIEP_strategic_vision.png"> + <provider selected="true" editor-type-id="images" /> + </entry> + <entry file="file://$PROJECT_DIR$/assets/images/api_overview/future_integrationarchitecture.jpg"> + <provider selected="true" editor-type-id="images" /> + </entry> + <entry file="file://$PROJECT_DIR$/docs/Detailinformationen/Encryption.md"> + <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]"> + <state split_layout="SPLIT"> + <first_editor relative-caret-position="525"> + <caret line="35" selection-start-line="35" selection-end-line="35" /> + </first_editor> + <second_editor /> + </state> + </provider> + </entry> + </component> +</project> \ No newline at end of file 
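Review bot: `.idea/workspace.xml` is per-user IDE state rather than project configuration and should be dropped from this commit. The hunk records one developer's window geometry (`ProjectFrameBounds`), caret positions, editor history and `TaskManager`/`TimeTrackingManager` timestamps. The IDE rewrites this file in almost every session, so it will cause diff noise and merge conflicts, and depending on how the IDE is used it can later pick up machine-local values such as run-configuration settings. I would remove it from the index and add a `.gitignore` entry such as `.idea/workspace.xml`. Ignoring `.idea/` as a whole would also cover the `.iml`, `encodings.xml`, `misc.xml`, `modules.xml` and `vcs.xml` hunks above, none of which relate to the Encryption.md change.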
diff --git a/assets/images/encryption/tls-no-tls.png b/assets/images/encryption/tls-no-tls.png
new file mode 100644
index 0000000000000000000000000000000000000000..ee71544a842cd13ca2db2241eebd0e1225a03109
Binary files /dev/null and b/assets/images/encryption/tls-no-tls.png differ
diff --git a/docs/Detailinformationen/Encryption.md b/docs/Detailinformationen/Encryption.md
index 259bb417fd1d767883b1c28b2065d557cc837227..227e9157b718b82e88be321e74a658cedaab3370 100644
--- a/docs/Detailinformationen/Encryption.md
+++ b/docs/Detailinformationen/Encryption.md
@@ -1,13 +1,43 @@ # Verschlüsselte Übertragung +## Einleitung +fitconnect verwendet zur Übertragung von Antragsdaten und Metadaten mit direktem Bezug zu Anträgen, abgesehen von den für die Übermittlung zwingend notwendigen Daten (z.B. Destination-ID), Ende-zu-Ende-Verschlüsselung. Diese ist auf Basis der Standards [JSON Web Encryption (JWE)](https://tools.ietf.org/html/rfc7516) unter Zuhilfenahme von [JSON Web Keys (JWK)](https://tools.ietf.org/html/rfc7517) umgesetzt. + +Diese Informationen auf dieser Seite sind relevant, wenn man: +- ein Fachverfahren mit fitconnenct-Anbindung entwickelt oder aufsetzt +- einen Onlinedienst mit fitconnenct-Anbindung entwickelt oder aufsetzt + +Im Folgenden werden Beschrieben: +- die Grundlegenden Anforderungen an die JSON Web Keys + +**TODO(@Lilith) Inhaltsverzeichnis** + +### Warum? +Im Kontext von Anträgen an Behörden werden häufig höchstsensible Daten übermittelt, die im Rahmen der [Vorgaben des BSI für eGovernment-Dienste](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03107/TR-03107-1.pdf?__blob=publicationFile&v=4) nur Ende-zu-Ende-Verschlüsselt übertragen werden dürfen. +Bei fitconnect ist die Zielsetzung einen möglichst einfachen, sicheren und klar definierten Standard zu etablieren. Deshalb ist richtig implementierte Krypotgraphie ein fundamentaler Teil von fitconenct und kannn nicht ohne diese umgesetzt werden. + ## Architektur +Jedes fitconenct-System verfügt über einen Endpunkt, an den Anträge gesendet werden (Fachverfahren/Subscriber-API) und einen oder mehrere Endpunkte von denen Anträge verschlüsselt versendet werden (in der Regel: Onlinedienst, App, …). +  -Kern von FIT-Connect ist der Zustelldienst, der über die beiden APIs "Application Sender API" und "Application Subscriber API" den Absender (Sender) und Empfänger (Subscriber) eines Antrags verbindet. +**TODO(@Lilith) auf die anderen Seiten verweisen die die Architektur erklären** + +## Vorgaben + +### Grundlagen + +1. 
Grundsätzlich muss die fitconnect-Verschlüsselung immer Ende-zu-Ende sein. Das bedeutet vom Endgerät der Nutzer*in bis in das Fachverfahren bzw. die Empfangsbehörde des Antrages. + +Es ist nicht vorgesehen, das Antragsdaten unverschlüsselt von einem Endgerät einer Nutzer*in an ein Backend weitergeleitet werden, um dann von dort verschlüsselt per fitconnect an die Empfangsbehörde gesendet zu werden. + +2. Die für die Verschlüsselung verwendeten JSON Web Keys müssen signiert werden und über eine Verwaltungs-PKI verifizierbar sein und auch durch den verschlüsselnden Client verfiziert werden. +Es ist nicht vorgesehen nicht vertrauenswürdige Schlüssel für die Verschlüsselung von Anträgen zu verwenden. Das soll Angriffe wie Man-in-the-middle-Attacken erschweren. -## Vorgaben +3. +### Anforderungen an die JSON Web Keys Unter Berücksichtigung der Vorgaben des BSI in der Richtlinie [TR-02102-1](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.html) wurden die [Liste der möglichen Algorithmen](https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms) eingeschränkt. - Asymmetrisches Verschlüsselungsverfahren, um den "Content Encryption Key" zu verschlüsseln ("alg"): "RSA-OAEP-256"