While the technical parts of Blockcerts are addressed in detail at Blockcerts.org, you have highlighted some fundamental mechanics that are worthy of being summarized here.
First, Blockcerts is an open standard intended to be utilized for anchoring a signed hash of a digital record to any blockchain. This means the original file can be stored by the Issuer as well as the recipient (off chain). No private data is ever at risk. After the records are hashed and digitally signed by the issuer, they are anchored to a blockchain and time stamped. Later, when a record is being verified, a hash of the local certificate is compared to the one being stored on the blockchain. When the hashes perfectly match, it proves that the record has not been tampered with since the original issuance.
Furthermore, Blockcerts provides a mobile app to make it easy for recipients to generate keys and then send those keys to issuers. This enables recipient public keys to be written into their digital records prior to issuance. Then the same mobile app can be used to store, share, and prove ownership of those digital records (JSON files).
When Blockcerts first came out, Bitcoin was the only blockchain. Since that time, Blockcerts has added support for Ethereum and is structured to expand to others. The end goal is to ensure the longevity and interoperability of records in a manner that independent of any vendor and gives people ownership of their official records.
I hope this helps! Please let me know if you have further questions and also feel free to ask questions at the Blockcerts Forum: https://community.blockcerts.org/