Create a Digital COVID Certificate
The Digital Covid Certificate (DCC) format allows issuing digital health certificates that can represent an individuals' COVID-19 vaccine, test or recovery status. Sovrin provides the capability to issue and verify DCCs as a Sovrin extension. Issuing authorities can cryptographically sign a valid DCC payload, and format it as either a digital or paper-based document. The issued certificate utilises the EU DCC specification to provide tamper-evident properties along with a well-understood trust model.
For verifying/relying parties, the extension provides the core capability to verify issued certificates and prove their authenticity and validity - while also decoding and providing the details from the certificate.
Digital COVID certifications provided through the Sovrin DCC extension adhere to the standards and specifications first adopted in implementations across European Union member states from July 2021.
At the core of the specification is its trust model that consists of a simple, one layer deep, list of Country Signing Certificate Authorities (CSCA) that sign Document Signer Certificates (DSC). These are then used to sign the health certificates in a DCC format.
For more information on the EUDCC trust model, please see the certificate specification used by the EUDCC.
Prerequisites
You need the following in order to proceed with this tutorial:
-
Access to Sovrin APIs.
-
A document signer on your Sovrin tenant.
-
A valid EU Digital Covid Certificate JSON payload that conforms to schema version 1.3 or above.
If you’re experiencing difficulties with any of these prerequisites, please contact us.
The data provided in the request is not stored at any stage on the Sovrin platform. The information is only held temporarily in memory to allow the processing of the request and discarded once generated.
Request
Make the following request to create and sign a DCC:
POST https://api.sovrin.one/ext/dcc/v1/sign
{
"payload": {
"ver": "1.3.0",
"nam": {
"fn": "Smith-Jones",
"fnt": "SMITH<JONES",
"gn": "Charles Edward",
"gnt": "CHARLES<EDWARD"
},
"dob": "1964-01-01",
"v": [
{
"tg": "840539006",
"vp": "1119349007",
"mp": "EU/1/20/1507",
"ma": "ORG-100031184",
"dn": 1,
"sd": 2,
"dt": "2021-06-11",
"co": "NL",
"is": "Ministry of Health Welfare and Sport",
"ci": "URN:UVCI:01:NL:DADFCC47C7334E45A906DB12FD859FB7#1"
}
]
}
}
The certificate will be signed using CBOR Object Signing and Encryption (COSE), as per the EUDCC specification, and then encoded as a base45 string.
As part of processing the request, validation will be performed against the DCC schema, using the version specified in the DCC payload, to ensure the DCC is valid before being signed. A valid DCC JSON payload must be provided.
Response
{
"payload": "HC1:6BFOXN%TSMAHN-HQO8%TEN*FQ8RESL/R83MJ2FCXK9.JAEJP .I0NUULINJPIRPQHIZC4TPIFRMLNKNM8POCEUG*%NH$RSC98IF3MOAGJGB3D0C5HF80P1FDEZ48MOQ:J* 3I0CU0GQJO9NT.HFCA3 X8 KLYF1FD5-FHWC59NT8X4Q2QC:HQ-77JO+0M7NS A8HJP7NVDEBR0JE+45$0H78HABVCNAHLW 70SO:GOLIROGO3T59YLLYP-HQLTQ9R0+L67PPDFPVX1R270:6NEQ.P6KLU%TE6UG+ZEAT1HQ1BT1VW5IMIBRUFTIPPAIMI.J9WVHDYHT-84LTYD3SZ4I25FMV3ZCU3B5IVV5TN%2UP20J5/5LEBFD-48YIM557AL XK$%2XE557TT25-037:2SP4*2DN43U*0CEBQ/GXQFY73OMBMNVVINARNQA77UJ4O79J3*UJLOJ/G7DG3VIN 73PLN09B6LBUC7AK5J5S8BHJHQA$LPQVGD6QHK*$P8RFR76MK6%ARZWCBCBTBTZSU*FLR3JMX4ICV+7OD+AN-2P8EMJIVDF17F7LT6SF*8UA7OB2JR748CLI 9V+VV10EHSA1",
"metadata": {
"documentSignerId": "681c2571-07db-4a95-891a-7ac4d439893d",
"issuedAt": "2021-09-20T20:46:17.448Z",
"expiry": "2022-09-20T20:46:17.448Z"
}
}
payload: This is a base45 encoded string that represents the DCC.
metadata:
-
documentSignerId: Unique identifier of the Document Signer that was used by Sovrin to sign the DCC. -
issuedAt: Issuance timestamp. -
expiry: DCC expiration timestamp.
What's next?
Now that you have created the credential, you can format it as a QR code.