I went through the technology in https://www.youtube.com/watch?v=cEo_XwOpaow. It looks interesting. Thanks for sharing the knowledge to the world . However am curious to know how the following case is handled.
- Student requests for certificate, as a part of the request a public key is sent to the issuer.
- The issuer creates a certificate, adds the hash of the certificate to the blockchain and sends it back to the Student.
- The certificate sent to the student contains the following:
b. Public key of the institution.
- Verifying party does the following:
a. Computes the hash of the local certificate
b. Compares the local hash with the block hash (of the transaction address mentioned in the cerificare.
c. Verifies the signature of the institution
d. If the above two (b and c) looks good, then the certificate is valid
What am failing to understand
Can’t the person with an intent to forge the certificate do the following:
- Create a transaction that contains the hash of the forged certificate and add it to the blockchain.
- Modify the public key present in the certificate to be the key corresponding to forged transaction’s public key
- Modify the transaction address present in the certificate to the forged transaction.
What connection am missing here? Please explain.
Thanks for your help.