Digital Badges: How Is a DID Created and Stored?
Kolleges generates DID-based digital badges using the did:key method with RSA key pairs — storing only the public key server-side while delivering the encrypted private key to the user for self-custody.
“Who creates the seal stamped on a digital badge, and how is it stored?” This is everything about the digital seal that powers real certificates and real credentials.
🔐 Where does the digital seal — the DID — come from?
A digital badge is no longer just an image. A badge is real only when it carries my own digital seal (DID).
This digital seal is created with my unique private key, and its authenticity is verified with a public key that anyone can look up.
And the unique mark stamped on the seal — that is the DID (Decentralized Identifier).
But who creates this digital seal, where is it stored, and is there any risk of forgery?
This article walks through how Kolleges securely creates DID-based digital badges and stores them in a user-centric way.
🧬 What is a key pair? The root of a DID
A DID does not exist on its own. It is generated from the following key pair:
| Category | Role |
|---|---|
| 🧷 Private Key | A digital seal only I hold |
| 🔍 Public Key | A public tool that verifies the seal's authenticity |
Stamping with the private key and verifying with the public key works like a key and a lock locked into each other, and this combination is the core of trust for a digital badge.
🛠 How does Kolleges generate a DID?
Kolleges generates the DID required for a digital badge using the did:key method. This approach generates a DID without any blockchain or central registration authority, and it is fast, concise, and compatible with global standards.
The generation procedure is as follows:
- 1 Generate the key pair with the RSA algorithm — The private key is used by the user to sign credentials; the public key is used externally to verify authenticity.
- 2 Convert to PEM format — Render it in a human-readable form.
- 3 The private key is never stored on a server — It is provided to the user as an encrypted string for self-custody.
- 4 Store only the public key and the DID — Kolleges stores only the public key and the DID derived from it.
A DID is a unique string generated from the public key, and it is the digital fingerprint that represents a credential’s “identity.”
📦 What data does Kolleges store?
Kolleges stores only the following information in its database:
| Item | Description |
|---|---|
| did | e.g., did:key:z6Mkr... |
| public_key_pem | Public key (PEM format) |
| user_id | User ID (internal use) |
✅ The private key is never stored, and Kolleges cannot view it or reissue it.
| Field name | Description |
|---|---|
| id | Internal identifier (PK) |
| user_id | User ID |
| did | The generated DID (e.g., did:key:...) |
| public_key_pem | Public key (PEM format) |
📁 How is the private key stored?
The private key is encrypted on Kolleges servers and delivered to the user as follows:
- 1 Encrypt with an internal algorithm
- 2 Use an encryption key built from user information and a security key
- 3 Convert the result into a Base64 string
- 4 Provide it as a file the user can download and keep
The user simply keeps this file in secure storage (USB, cloud, offline, etc.).
✅ How do we prove that the private key really belongs to you?
When a user uses a DID-based credential, Kolleges verifies it as follows:
- 1 The encrypted private key file is uploaded
- 2 Kolleges decrypts it with an internal algorithm
- 3 The decrypted key produces a digital signature
- 4 The signature is verified against the public key Kolleges holds
👉 Through this process, the trust statement “this seal was actually stamped by you” is established.
🎯 For digital badges, trust starts with the DID
The core of a digital badge is not its visual design but who created it, who owns it, and how it can be verified.
Through DID technology, Kolleges delivers digital badges that remain permanently verifiable, without depending on the platform.
If you want real digital badges, work with Kolleges — which carries the real seal (DID).
📎 Wrapping up
A DID is not just an ID. It carries three values inside it: security, autonomy, and trust.
Kolleges builds digital badges on top of this DID structure, helping institutions prove course history, credentials, and certificates — all key learning outcomes — safely and without a central server.
🔗 Related content
👉 Understanding the DID structure for digital badges (Part 1) 👉 How to securely store DID-based digital credentials on IPFS
Frequently asked questions
Want to turn learning outcomes into verifiable assets?
From issuing to verifying and amplifying, see it for yourself with Kolleges.
Related posts
What Is DID — Managing Digital Badges with Decentralized Identity
Kolleges builds digital badges on DID using the did:key method, so both issuers and recipients hold cryptographic key pairs that let anyone verify badge authenticity without a central server.
How to Issue Digital Badges and Store Them Safely (feat. IPFS)
Digital badges become tamper-proof Verifiable Credentials by combining JWT cryptographic signatures with IPFS distributed storage, letting anyone verify authenticity via a content-addressed CID link.
Why ISO 27001 (Information Security) Certification Is Essential for Digital Badge Platforms
Digital badge platforms must hold ISO 27001 certification because learner credentials are lifelong career assets — any forgery, leakage, or outage directly harms individuals, not just institutions.
See whether it fits your institution — in 10 minutes
From issuing to verifying and amplifying, see it live in a Kolleges demo.