
Generating Signed Key Pairs

Certificate signing

Supported key types

  1. RSA (default)

  2. ED25519 (recommended for performance)

Environment variable configuration

SIGNING_KEY_TYPE (possible values: RSA or ED25519)

Key pair configuration for DIVOC certificate

Environment variables

CERTIFICATE_SIGNER_PRIVATE_KEY, CERTIFICATE_SIGNER_PUBLIC_KEY

The expected values for these configurations change depending on the type of key in use:

RSA -

  • Private key format: 2048 bit, PEM

  • Public key format: PEM

ED25519 -

Key     | Format | Type   | Encoding
Private | DER    | PKCS#8 | Base58
Public  | DER    | SPKI   | Base58
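The ED25519 formats listed above can be produced and checked with Node's built-in crypto module. This is an added example, not DIVOC's own code: it assumes "Base58" means the Bitcoin alphabet applied to the DER bytes, and the function names are illustrative.

```javascript
const crypto = require('crypto');

// Assumption: "Base58" means the Bitcoin alphabet applied to the DER bytes.
const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

function base58Encode(buf) {
  let n = BigInt('0x' + (buf.toString('hex') || '0'));
  let out = '';
  for (; n > 0n; n /= 58n) out = ALPHABET[Number(n % 58n)] + out;
  // Every leading zero byte is written as one leading '1'.
  for (const b of buf) {
    if (b !== 0) break;
    out = '1' + out;
  }
  return out;
}

function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const i = ALPHABET.indexOf(ch);
    if (i < 0) throw new Error(`invalid Base58 character: ${ch}`);
    n = n * 58n + BigInt(i);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const zeros = str.length - str.replace(/^1+/, '').length;
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
}

// Private key: PKCS#8 DER, public key: SPKI DER, both Base58-encoded.
function generateEd25519Base58() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519', {
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  return { privateKey: base58Encode(privateKey), publicKey: base58Encode(publicKey) };
}

// Check before deployment: both values must decode and belong to one key pair.
function keysMatch(privateB58, publicB58) {
  const priv = crypto.createPrivateKey({ key: base58Decode(privateB58), format: 'der', type: 'pkcs8' });
  const pub = crypto.createPublicKey({ key: base58Decode(publicB58), format: 'der', type: 'spki' });
  const msg = Buffer.from('key pair check'); // constructed test message
  return crypto.verify(null, msg, pub, crypto.sign(null, msg, priv));
}
```

Under the table's format, the two strings returned by generateEd25519Base58() are the values for CERTIFICATE_SIGNER_PRIVATE_KEY and CERTIFICATE_SIGNER_PUBLIC_KEY when SIGNING_KEY_TYPE is ED25519. Running keysMatch() on the configured values catches a mismatched or truncated key before the signer starts issuing certificates.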

Reference steps for key generation

RSA key generation using openssl

openssl genrsa -out privatekey.pem 2048

openssl rsa -in privatekey.pem -out publickey.pem -pubout -outform PEM

ED25519

Use an external library such as ed25519-verification-key-2018 to generate a key pair in the required format.

Key pair configuration for EU certificate

Generation of key pair for signing an EU certificate:

  • Copy the certificate generation script file gen-dsc.sh and put it in the desired location.

  • Copy the certificate configuration file cert.conf and put it in the same folder where the certificate generation script was copied to.

  • Open the cert.conf file and edit it according to your requirement.

C - Country name (2 letter code)

The two-letter country code where your company is legally located.

ST - State or province name (full name)

The state/province where your company is legally located.

L - Locality name (for example, city)

The city where your company is legally located.

O - Organisation name (for example, company)

The legally registered name of your company (for example, YourCompany, Inc.).

OU - Organisational unit name (for example, section)

The name of your department within the organisation. (You can leave this option blank; simply press Enter.)

CN - Common name (for example, server FQDN)

The fully-qualified domain name (FQDN) (for example, http://www.example.com).

  • Run the gen-dsc.sh file to generate the key pair for signing the EU certificate.

  • For generation of RSA key pair: ./gen-dsc.sh RSA CSR

  • For generation of ECDSA key pair: ./gen-dsc.sh ECDSA CSR

  • The script will generate the following 3 files:

  1. Private key filename - DSC01privkey.key

  2. CSR filename - DSC01csr.pem

  3. Certificate key filename - DSC01cert.pem

Public key format: PEM

Configuring EU certificate retrieval from the certificate-API service

  1. Generate the key pair required for signing the EU certificate and share the CSR file with the CA for signing.

  2. In the divoc-config configMap, set the following environment variables:

  • EU_CERTIFICATE_PRIVATE_KEY - Private key for signing the EU payload (in PKCS8 format).

  • EU_CERTIFICATE_PUBLIC_KEY - The certificate provided by the CA after signing the CSR.

  • EU_CERTIFICATE_EXPIRY - Expiry of the certificate in months (for example, 12).

All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.