-
Notifications
You must be signed in to change notification settings - Fork 0
How does it work?
In this section, I'm explaining how the whole project works. I try to keep everything simple and technically correct!
The first step is the file creation, for this the app accesses the camera and or microphone of the device. Depending on what you use. It will then capture your input and save it to a file after you are done. The files are named with nanoid names to guarantee uniqueness. These files are stored in the app folder. (On Android the images & video files are also saved to the Gallery)
As soon as the file is stored it will be hashed with SHA-256 with 256-bit length. The whole hashing process happens on the device, so don't worry about privacy. A foreground notification will popup where you can track the progress.
After having is done the hash and file path are passed to the next stage, the SubmissionPage.
Here the hash will be displayed and the file path is used if you want to share the file). If you now press submit, the app will simply send the hash to the backend, where it will be signed. For this, the ECDSA algorithm is used, which will sign the hash with the private key of the backend.This is done to prevent other apps from claiming to be this one, as everyone can post anything to Blockchains.
After a signature has been applied the data is sent to Originstamp, which is a service that sends the hash to the blockchain. I'm attaching the signature as a comment which allows me to verify the originality later on. Originstamp will now, in turn, submit the data to the Bitcoin and Ethereum chains, which takes approx. 24h. Afterwards you can easily verify if a file has been modified or not.
If you have attached your E-Mail in the settings, it will be sent to the backend, encrypted, and together with the IV attached to a webhook callback. As soon as your data has been persisted, you will get an E-Mail with a document that allows you to verify your file independently of the app. (Note: Signatures can't be verified, so for now try to use the app / website whenever possible)
The process is rather simple:
- You select your file to verify
- The file is hashed
- The backend queries Originstamp for submission against the hash
- If found the app recives the stored data
- Now the app attempts to verify the included signature with the (currently) hardcoded public key in the app
- If everything is fine the app will tell you so
- You can view your transaction in a blockchain explorer for further information.
This option uses the Originstamp website, to make sure your file has been submitted there.
You can't verify if the file has been signed by this app, due to the data signature beeing stored by Originstamp, so proceed with a bit of caution
- Go to originstamp
- Click the image on the right
- Upload your file
- Wait and review the result
TODO For now visit: docs.originstamp.com and follow the steps there.
- Go to the websites verify page
- Click to upload a document
- Submit the captcha
- View the checkmarks at the bottom changing (it may take some time for large files)
Stay up to date: Mastodon