Similar to Dale's suggestion. We embed keys in certificates upon
completion of our e-learning courses. They comprise known things like
clientID, executionID or whatever else identifies the item and then we
just hash it. We then allow governing bodies to login and enter the
key (which appears on
So how do you check that the key is valid then?
Do you need to store valid keys in the application like a pubic /
private key pair?
Or do you simply check via the checksum, alone?
A the penny has dropped
That's why key generators are successful.
Because they create valid segments and a
Because we can hit a database and we authenticate the user they can
enter pretty much any info from the printed certificate to validate
it. We do store the hashed key for lookup.
Checksums (with my limited understanding) are probably more useful in
cases where you can't get back to check a