Issue & Verify a Health Certificate using DCC Extension

Overview

The Digital Covid Certificate (DCC) is a format that allows the issuance of digital health certificates that can represent the vaccine, test or recovery status of an individual against Covid-19.

The capability to issue and verify Digital Covid Certificates is available as a VII Extension provided by MATTR.

It enables an issuing authority to take a valid DCC payload, cryptographically sign it and express it in either a digital or paper-based way. The certificate issued by the MATTR extension utilises the EU DCC specification to provide tamper-evident properties along with a well-understood trust model.

For verifying/relying parties, the extension provides the core capability to verify issued certificates and prove their authenticity and validity - while also decoding and providing the details from the certificate.

Digital covid certifications provided through the VII DCC extension adhere to the standards and specifications first adopted in implementations across European Union member states from July 2021.

At the core of the specification is its trust model that consists of a simple, one layer deep, list of Country Signing Certificate Authorities (CSCA) that sign Document Signer Certificates (DSC). These are then used to sign the health certificates into the DCC format.

This tutorial will take you through how to configure the MATTR VII DCC Extension to utilise the document signer certificates to issue or verify the EU Digital Covid Certificate format.

Steps

To get started issuing DCC using the MATTR extension, check out the following tutorials.

For certificate issuers:

  • Create a Document Signer – configure a self-signed certificate that can be later linked to a CSCA (if required).

  • Sign a DCC – Issue a DCC by signing a valid health certificate payload.

  • Format DCC as a QR Code - Take a signed and encoded DCC and represent it as a QR code that can be used in a variety of scenarios. Such as allowing the certificate to be held by a user in a mobile wallet, PDF or a paper-based format.

For certificate verifiers:

  • Setup a Trusted Document Signer - upload public document signer certificates that are to be trusted when verifying a DCC.

  • Verify a DCC - Take an issued DCC in its raw form and verify its origin authenticity and validity based on the signature and enclosed payload.