MrChrisJ / World-Citizenship

Globally orientated citizenship with private passport services using available cryptographic tools
Creative Commons Zero v1.0 Universal

signature publication management #25

Open ppsirg opened 9 years ago

ppsirg commented 9 years ago

Hello, files like images and JSON data are signed in order to detect any possible change, but the document doesn't say when or how those signatures must be published, or whether they should be published at all. Remember that signature publication is more important than hash publication: you can always create a new hash, knowing the hashing algorithm that was used to create the signature, and verify the data with the signature and public file.

patcon commented 9 years ago

I'm a little rusty on the process right now, but I believe that gets bundled up into the master hash that gets published in the blockchain, right? I might be mistaken, so don't hesitate to call me out :) https://github.com/MrChrisJ/World-Citizenship#step-7---proof-of-publication

MrChrisJ commented 9 years ago

Hey @ppsirg

You’re right to bring this up. A colleague of mine is actually working on a web interface that will make this whole process simpler. More details on the way, in the meantime…

There are a number of ways of completing step 7 depending on how much data you want to commit to the blockchain. Some people may not be comfortable hashing all of the items listed in section 6 (for example a picture, if hosted publicly, presents privacy issues).

The quickest way:

  1. Sign the final image file of the ID card with the PGP Key of the organiser
  2. Generate a hash for the signed image file
  3. Publish hash(es) in the blockchain using Crypto Graffiti

Note: Depending on the software you use, some will produce detached signatures, giving you two hashes like the one we did in the demo:

BN_PASSPORT_TEMPLATE_2.png BN_PASSPORT_TEMPLATE_2.png.sig

Because CryptoGraffiti puts all the data into one transaction it doesn’t matter too much.

More detailed method:

  1. Prepare a JSON/XML file of the ID card’s data
  2. Produce JPG of the Group Photo of all the members in attendance (optional)
  3. Produce a cropped image file of the new “citizen”
  4. Sign each of these files with the PGP Key of the organiser
  5. Hash each of the files
  6. Publish them all in the blockchain using Crypto Graffiti

This is more involved. The advantage to using a JSON file at step 1 is that it will make your ID card ‘headless’. That means the new citizen can change the design later if they want to and as long as the data on the ID card is consistent it will all match the blockchain entry.

One Hash For All Files
If you don’t want to bloat the blockchain or you would rather use something like proofofexistence.com/ you will need to produce 1 hash for all the files.

This is where things get more complex. I did a demonstration using a simple Python script in France last year to show how it can be done: https://gist.github.com/MrChrisJ/e0f8551d0a276dc0bbd8

This way you have a merkle root and as long as you publish the documentation of how you arrived at the final hash etc then anyone can simply repeat the process to confirm.

There are many other people working on this problem and the ideal situation is some kind of open standard that everyone adheres to. I am busy on another project right now but I plan to revisit this one in the next 4-6 weeks.

Any other questions please let us know. I will do my best to clean up the current README, pull requests welcome :)
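
Added example, not part of the thread and not the script from the linked gist: one way to reduce the files and their detached signatures to a single hash that anyone can recompute. SHA-256, the leaf/node prefixes, ordering by file name, and the sample file names and contents are all assumptions made for illustration.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"  # assumed domain-separation prefixes (leaf vs. inner node)

def leaf_hash(name: str, data: bytes) -> bytes:
    """Hash one file; the length-prefixed name binds content to its file name."""
    n = name.encode("utf-8")
    return hashlib.sha256(LEAF + len(n).to_bytes(2, "big") + n + data).digest()

def merkle_root(leaves):
    """Fold leaf hashes pairwise into one root; an odd node is promoted unchanged."""
    if not leaves:
        raise ValueError("no files to commit to")
    level = list(leaves)
    while len(level) > 1:
        nxt = [hashlib.sha256(NODE + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]

def commit(files):
    """Return (root_hex, manifest). Files are ordered by name so anyone can repeat it."""
    names = sorted(files)
    leaves = [leaf_hash(n, files[n]) for n in names]
    manifest = [{"name": n, "leaf": h.hex()} for n, h in zip(names, leaves)]
    return merkle_root(leaves).hex(), manifest

def verify(files, published_root_hex):
    """Recompute the root from the files in hand and compare with the published one."""
    root, _ = commit(files)
    return hmac.compare_digest(root, published_root_hex.lower())

# Constructed sample: placeholder bytes standing in for the files and detached signatures.
SAMPLE_FILES = {
    "id_card.json": b'{"name": "Example Citizen", "issued": "constructed"}',
    "id_card.json.sig": b"constructed-detached-signature-1",
    "citizen.jpg": b"\xff\xd8constructed-image-bytes",
    "citizen.jpg.sig": b"constructed-detached-signature-2",
    "group_photo.jpg": b"\xff\xd8constructed-group-photo",
}

if __name__ == "__main__":
    root, manifest = commit(SAMPLE_FILES)
    print("root to publish:", root)
    for entry in manifest:
        print(entry["leaf"], entry["name"])
```

Only the root goes on chain, so the photos themselves stay private; the verifier still checks each detached signature against the organiser's PGP key as a separate step.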

ppsirg commented 9 years ago

@MrChrisJ it is clearer now what proof of publication means (the hash that is published is the one of the signature, in order to verify that), and the proofofexistence.com service makes it easier, so file publication cannot be that safe at all (I mean, you can publish them encrypted in a *.tar.bz file or something like that). I was interested because I did a little implementation of World-Citizenship for Coinfest Bogota attendee registration; you can find it here: http://bit.ly/1DKzG2H. I didn't do proof of publication because it was a little confusing. I'm a total noob in GitHub and collaboration (I have only worked on Bitbucket doing proprietary software). I will try to submit a pull request, but I'm kind of confused about how to.

Thanks for your work, and thanks to all contributors for their work as well.