Certificate Generation and Verification
RFC Template
Version 1, April 2020.
- RFC Title : Certificate Generation and Verification
- Project : amFOSS CMS and amFOSS website
- Related MRs : None
- Infrastructure : No Change
- Duration: 1-2 Weeks
- Related Technology(s) : Web(Django, React)
- Start Date: 12-06-2020
- License: GNU General Public License V3
Summary
This feature helps us generate and validate certificates for workshops, events, and competitions conducted by the club. Certificates without validation can be tampered with and misused by anyone. To authenticate certificates, we need a verification system. We store the designed certificate in our amFOSS Google Drive account. We generate a simple hash in our system and store it in our database. The unique hash is also displayed on the certificate. The veracity of a certificate can be checked on our website using the generated hash (amfoss.in/verify/<generated-hash>).
Detailed Explanation
The club has been conducting many events, and the number will only increase in the future. One of the essential things after a contest/competition/workshop is the issue of certificates to participants/winners. The first event we are planning to give out certificates for is amDeC. This certificate shows their achievement and will be unique to them. It will also act as an encouragement for them to participate in other events or the next edition of the same event. However, we must ensure that certificates are properly verified and are unique to the person they are issued to. This feature prevents anyone from passing off a fake certificate under the banner of amFOSS and also serves to verify whether a certificate is genuine.
This also solves the issue of designing certificates for each and every participant and saves time by automating the work. The certificates are generated by just giving the template along with the participant details.
We need to have a generation service and a validation service for the certificates on our server. After getting all the certificate designs and the details of the participants, a certificate template will be made. The certificate template along with the details of the participants will be given to the CMS, which then generates the certificates and stores them in the amFOSS Google Drive. Using the Google Drive links of the certificates, we generate a hash which links these certificates and store it in our database.
For every event, a certificate will be designed by the Graphics Team. They will submit the fonts associated with it, along with the sizes and coordinates of each parameter such as name, project details, etc. This template will be fed in along with a list of people for whom certificates should be generated. Every generated certificate will carry a unique hash and a URL (amfoss.in/verify/<generated-hash>). The certificates are then pushed to Google Drive from the CMS, using the official Google Drive APIs to upload them from the CMS server. The Google Drive shared link is then stored in the database along with the hash of the certificate. When someone wants to verify a certificate, they open the link printed on it; the website uses the generated hash to fetch the certificate from Google Drive and displays it.
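The issue-and-verify flow described above, as an added example (not amFOSS CMS code). It assumes the hash is an HMAC-SHA256 of the Drive link under a server-side key, truncated to 32 hex characters; the in-memory SQLite table, its schema and the names `make_db`, `issue` and `verify` are hypothetical stand-ins for the CMS database and views.

```python
import hashlib
import hmac
import re
import secrets
import sqlite3

# Assumption: a server-side secret held by the CMS; generated here for the demo.
SECRET_KEY = secrets.token_bytes(32)
HASH_RE = re.compile(r"[0-9a-f]{32}")  # format of the hash printed on a certificate


def make_db():
    """In-memory table standing in for the CMS database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE certificate (hash TEXT PRIMARY KEY, name TEXT, "
        "event TEXT, drive_link TEXT)"
    )
    return db


def issue(db, name, event, drive_link):
    """Derive the certificate hash from its Drive link and store the record."""
    digest = hmac.new(SECRET_KEY, drive_link.encode(), hashlib.sha256).hexdigest()
    cert_hash = digest[:32]  # 128 bits: short enough to print, too long to guess
    db.execute(
        "INSERT INTO certificate VALUES (?, ?, ?, ?)",
        (cert_hash, name, event, drive_link),
    )
    return cert_hash


def verify(db, cert_hash):
    """Logic behind /verify/<generated-hash>: return the stored record or None."""
    cert_hash = cert_hash.strip().lower()
    if not HASH_RE.fullmatch(cert_hash):  # reject malformed input before querying
        return None
    row = db.execute(
        "SELECT name, event, drive_link FROM certificate WHERE hash = ?",
        (cert_hash,),  # parameterized: the URL segment never reaches the SQL text
    ).fetchone()
    return dict(zip(("name", "event", "drive_link"), row)) if row else None


if __name__ == "__main__":
    db = make_db()  # constructed sample data below
    h = issue(db, "Asha Example", "amDeC", "https://drive.example/d/CONSTRUCTED")
    print(h, verify(db, h), verify(db, "0" * 32))
```

Because `verify` returns the stored name and event rather than a bare yes/no, a valid hash copied onto a certificate bearing a different name shows up as a mismatch on the verification page.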
Motivation
- The first series of amDeC has come to an end, and we plan to give out certificates for participants.
- These certificates require genuine verification in order to maintain the quality and standard of the program.
- This feature can not only be used in amDeC but also in other events like workshops and competitions we conduct.
Old pattern
Whenever there was an event, the certificate templates were designed and given for printing based on the count. The names on the certificates had to be manually written by volunteers and signed by the coordinator of that particular event.
New pattern
We issue the certificates digitally rather than as physical copies. To achieve that, we need valid verification of the certificates so that no fake certificates are floating around. Also, since the certificates are being digitized, we can reduce the designers’ work by automating the filling in of all the details and the signature, and generate multiple certificates at a single time.
Advantages of switching pattern
- Generating the Certificates is easy
- Verification of the Certificates
Disadvantages of switching pattern
- There might be a few misalignments of the details in the generated certificates if the values are not given properly.
- We might lose our generated hashes which will be impossible to retrieve. (Database dump should be taken regularly)
- We might lose the certificates stored in our Google Drive if we lose the account. (this is unlikely to happen)
Impact on codebase
There won’t be much impact on the codebase, and there is no chance of breaking anything in it. There will be a new module in the CMS that can generate the certificates and push them to the Google Drive of the official amFOSS account, and a new section will be added to the amFOSS main website which can retrieve certificates from the hash and show them.
Alternatives
- Apart from the solution being proposed in this RFC, are there other alternative solutions possible?
  - It can be done in the old way by manually designing the certificates (labor intensive for large events with a large number of participants).
  - We can store the certificates in our database with the file name as the hash provided (a non-ideal solution).
  - We can store the certificates using IPFS instead of using Google Drive to store them.
- What is the impact of not doing this?
  - It takes time to fill in the details of each participant for a large event with many participants.
  - Having certificates on our server takes more storage compared to storing a simple hash, and the memory used might increase if there are more certificates coming up.
  - If we add the certificates to IPFS, we might lose certificates if the node on which our certificate is stored is lost; to prevent that, we might have to host our own IPFS node on our server.
Unresolved Questions
We can even request a Microsoft account from our college and store the files in OneDrive, as we will get 1 TB of data.