Our team just came up with an idea to ease the application process for students receiving Blockcerts. I wanted to see with you what feedback you may have!
One of our concern was that students will have to apply by sending their certificates as a JSON file or by sending a URL pointing to this certificate to employers.
We already issue certificates as PDF files and we want Blockcerts to be the topping of the process. We don’t want future employers to worry about/handle JSON files and we want students to get PDF files they can view, share, and store the way they already do with other documents.
Idea 1: Connect the pdf to the outside world
The first idea we had was to add a QR code on the pdf. This QR code would be the URL pointing to the online certificate, allowing the independent verification of this latter by the employer.
However, PDFs can be easily tampered with and any student could modify the QR code and make it point to a forged Blockcerts of their own.
Idea 2: Connect the pdf to the outside world and protect it
The second idea was the same but we also digitally sign the PDF so the employer receiving the file can be assured that it hasn’t been modified and that the QR Code is indeed the one written by the university.
However, we don’t want to rely on any third party company to issue a certificate for us so we can sign PDFs. We want PDFs to live by themselves.
Current idea: Payload the pdf with the JSON
Our current idea is to embed the JSON Blockcert inside the pdf (like JSON files embedded in PNG open badges). In this configuration, students can apply by sending the PDF of their certificate. Employers can drop the PDF onto the online verifier and get the same verification process they would have with the JSON file. We can still add a QR Code pointing to the online certificate (or some documentation explaining the purpose of Blockcerts etc.).
In order to make sure that the PDF hasn’t been modified by the student, we write the hash of the PDF we generate inside the JSON file before issuing on the blockchain. Students messing with the PDF content will have to modify the hash written inside the JSON cert, leading to a failure of its verification.
With this system, students get a pdf and they benefit the power of Blockcerts. Also, employers can trust the PDF without compromising the verification process.
I drop an illustration below,
I am looking forward to your feedback,