OpenSig Vault will allow the user to sign all files in a directory with a single signature, thereby proving that the files in the directory existed at that time. For example, a company could setup a vault that signs its entire server's hard drive with a single signature, allowing it to subsequently prove that any one of its files had been produced on or before that time.
How it works:
In essence the vault is a file created by OpenSig containing the hashes of all files in the directory, which is signed on the blockchain (a merkle root). (Its a bit like zipping up the OpenSig identities of all the files in a directory then signing the zip file). Any of the directory files can be verified in the usual OpenSig way, provided the verifier also has a copy of the vault-file. Since the vault file contains only a list of OpenSig ids (which are anonymous) then it is safe for a user to publish the vault-file to its clients, even if the vault directory contains secret or sensitive files. The vault-file is stored locally by the user or perhaps is uploaded to an OpenSig cloud service. The user cannot corrupt the vault-file without invalidating the signature on the blockchain.
Cloud Service:
Instead of the user storing all the vault-files, perhaps an OpenSig Vault cloud service could do that. This service could provide an interface to allow selected clients to verify single documents through their OpenSig app. (This would require an element of trust on the part of the client - the client would need to trust OpenSig to return the correct verification result, or perhaps the cloud service could provide the verifier with the vault-file, allowing him to verify it himself. Note, the client would still need to trust OpenSig to return the oldest vault file containing the file's hash).
Different kinds of vault could be supported:
- hash-only: stores the hashes of all files.
- filename and hash: stores the names of the files, perhaps useful for comparing the directory contents over time.
- hybrid of the previous two: two files, one containing the hashes and the other the filenames. This allows the vault-file to be sent to clients who wish to verify a file while still providing the benefit of 2. Would need more effort to develop though.
All vaults could contain:
- the latest block hash to prove the vault was created after that time;
- some identification for the vault (directory, name, id, notes, etc) that could be used to link snapshots of the same vault over time.
OpenSig Vault will allow the user to sign all files in a directory with a single signature, thereby proving that the files in the directory existed at that time. For example, a company could setup a vault that signs its entire server's hard drive with a single signature, allowing it to subsequently prove that any one of its files had been produced on or before that time.
How it works:
In essence the vault is a file created by OpenSig containing the hashes of all files in the directory, which is signed on the blockchain (a merkle root). (Its a bit like zipping up the OpenSig identities of all the files in a directory then signing the zip file). Any of the directory files can be verified in the usual OpenSig way, provided the verifier also has a copy of the vault-file. Since the vault file contains only a list of OpenSig ids (which are anonymous) then it is safe for a user to publish the vault-file to its clients, even if the vault directory contains secret or sensitive files. The vault-file is stored locally by the user or perhaps is uploaded to an OpenSig cloud service. The user cannot corrupt the vault-file without invalidating the signature on the blockchain.
Cloud Service:
Instead of the user storing all the vault-files, perhaps an OpenSig Vault cloud service could do that. This service could provide an interface to allow selected clients to verify single documents through their OpenSig app. (This would require an element of trust on the part of the client - the client would need to trust OpenSig to return the correct verification result, or perhaps the cloud service could provide the verifier with the vault-file, allowing him to verify it himself. Note, the client would still need to trust OpenSig to return the oldest vault file containing the file's hash).
Different kinds of vault could be supported:
All vaults could contain: