ubirch-certify-app
The purpose of this web frontend is to provide a way to enter data for certification. Cryptographic signing is handled by a separate backend service. This web application takes the input, processes it to create a signable data structure and sends the hash of that data structure to the signing service. The hash contains a random salt which ensures the created hash cannot be guessed.
As a final result the certificate is presented as a print view that contains a digitally readable 2D barcode (QR-Code) in one of the two supported formats.
Supported Data Formats
The App supports multiple data formats: CBOR / COSE and JSON/URL (UBIRCH UPP).
JSON/URL (UBIRCH UPP)
By default the App creates a JSON structure that is hashed and the hash is sent to the signing service. The signing service takes care of packaging a UPP structure that contains the Hash, signing it and sending it to the UBIRCH Trust Service for further processing. The data itself is then encoded in an URL structure guarded by an URL fragment. The QR-Code is then created from the URL. A corresponding verification App or the landing page of the URL can then decode the certificate data and verify it.
CBOR/COSE
For offline verifyable certificates the App packages the data into a CBOR object, creates a hash from its binary data and send that hash to the signing service. The responding signature is then encoded in a COSE structure together with the CBOR object. After compression and Base45 encoding a QR-Code is generated from it.