I am working on an app that would require the automated issuing of a BlockCert from a server to any number of users. This would only occur after identity verification of the user.
From what I understand, my server would have to store the private key of the issuing address in order to create the transaction for issuing the BlockCert to a user. However, storing an Ethereum or Bitcoin private key on a server does not seem like a secure solution.
Is there an industry standard for properly achieving such an automated process?
Hey David,
I am working on quite a similar project.
Considering the current implementation of Blockcerts, you first have to enroll students into the program. They download the Blockcerts mobile app, save their 24-word seed, and add you as an issuer: when a student adds you, your server gets a POST request containing his/her public key. Only after the enrolling campaign will you be able to issue certificates on the blockchain for the students you received the key from.
If you want to fully automate the process, then it gets a bit tricky. The whole point of using the mobile app is to empower the students and ensure self-sovereignty: keys are generated on their personal device and the private key stays secure on their side. They only share with you one of the multiple public keys that are generated from the seed (see deterministic wallet).
If you generate the key pair for them:
- Self-sovereignty is biased (which is more an ethical than a technical issue).
- You have to store the private key securely, and they have to trust you to do so.
- You’ll have to provide them with their private key once certificates are issued.
- The transfer has to be secure.
- The private key cannot be imported into the wallet.
That’s a tricky issue we are facing here. From an ideal perspective, no input should be required from the students. Even though the mobile app is a wonderful step forward, the experience is not seamless and a lot is asked of the students (download the app, store the 24 words securely, add the issuer, import certificates…).
I’m afraid I don’t have the answer on how to fully automate the process. Maybe an idea would be to generate the seed for them. Later on, if they want to use the app, they just have to enter the seed and retrieve their certificates; still, you have to generate and store the seed securely in a database.
I’m looking forward to any input,
Florent.
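Florent's reply describes the enrollment step: the student's app POSTs a public key to the issuer's server, and only enrolled keys ever receive a certificate. The server side of that step is where input validation matters, because the issuer never needs any student private material, only a well-formed public key bound to an identity it has already verified. The following is an added example of such an intake check, written for this thread and not taken from Blockcerts or from either poster. It assumes the POST body is JSON with a `publicKey` field holding a hex-encoded compressed secp256k1 key; the thread does not state the real payload format, so that field name and encoding are assumptions, and the sample bodies are constructed for the demonstration.

```python
import json

# secp256k1 field prime (a public curve constant, not page-specific data).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F


def is_valid_compressed_pubkey(hex_key):
    """True if hex_key is a well-formed compressed secp256k1 public key:
    33 bytes, prefix 02 or 03, x inside the field, and x^3 + 7 a square mod P
    (i.e. the x coordinate actually lies on the curve)."""
    try:
        raw = bytes.fromhex(hex_key)
    except (ValueError, TypeError):
        return False
    if len(raw) != 33 or raw[0] not in (2, 3):
        return False
    x = int.from_bytes(raw[1:], "big")
    if x >= P:
        return False
    y2 = (pow(x, 3, P) + 7) % P
    # P is 3 mod 4, so if y2 has a square root it is y2^((P+1)/4) mod P.
    y = pow(y2, (P + 1) // 4, P)
    return (y * y) % P == y2


class EnrollmentRegistry:
    """Holds only recipient public keys, each bound to an identity the server
    verified out of band before calling enroll(). No private keys live here."""

    def __init__(self):
        self._by_identity = {}   # verified identity -> public key
        self._by_key = {}        # public key -> identity, to block key reuse

    def enroll(self, verified_identity, body):
        """Process one enrollment POST body (bytes) for an already-verified identity."""
        try:
            payload = json.loads(body)
        except ValueError:
            return {"ok": False, "reason": "malformed JSON"}
        # Assumed field name; the thread does not specify the app's payload layout.
        key = payload.get("publicKey") if isinstance(payload, dict) else None
        if not isinstance(key, str) or not is_valid_compressed_pubkey(key):
            return {"ok": False, "reason": "invalid public key"}
        key = key.lower()
        if verified_identity in self._by_identity:
            return {"ok": False, "reason": "identity already enrolled"}
        if key in self._by_key:
            return {"ok": False, "reason": "public key already bound to another identity"}
        self._by_identity[verified_identity] = key
        self._by_key[key] = verified_identity
        return {"ok": True, "identity": verified_identity, "publicKey": key}

    def recipients(self):
        """Identity -> public key mapping the issuance job later reads from."""
        return dict(self._by_identity)


# Constructed sample keys: the secp256k1 generator point in compressed form,
# with both parity prefixes (02 and 03 share the same x coordinate).
SAMPLE_KEY_EVEN = "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
SAMPLE_KEY_ODD = "0379BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"


def run_demo():
    """Feed a few constructed POST bodies through the registry and return the outcomes."""
    reg = EnrollmentRegistry()
    outcomes = [
        reg.enroll("student-001", json.dumps({"publicKey": SAMPLE_KEY_EVEN}).encode()),
        reg.enroll("student-001", json.dumps({"publicKey": SAMPLE_KEY_ODD}).encode()),
        reg.enroll("student-002", json.dumps({"publicKey": SAMPLE_KEY_EVEN}).encode()),
        reg.enroll("student-003", json.dumps({"publicKey": "02" + "ff" * 32}).encode()),
        reg.enroll("student-004", b"this is not json"),
        reg.enroll("student-005", json.dumps({"publicKey": SAMPLE_KEY_ODD}).encode()),
    ]
    return outcomes, reg.recipients()


if __name__ == "__main__":
    results, enrolled = run_demo()
    for r in results:
        print(r)
    print("ready for issuance:", enrolled)
```

The registry deliberately rejects a public key that is already bound to another identity: if two verified identities present the same key, the issuer cannot tell which person controls it, and a certificate issued to that key would be attributable to either. The issuer's own signing key, which David's question is about, never appears in this component; the enrollment server only needs to read keys, so it can run without any signing material at all.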