Taking pictures of that document and then digitally sign the image files will give you what you need. But of course, the jurisdiction that you live in must recognize digital signatures as binding. AFAIK, most countries do nowadays.
There is more needed for "self-authentication" .
First thought is that you need a TTP (trusted third party), this should be some notary with a digital verification service or trusted database that stores hashes over the document.
First thought is that you need a TTP (trusted third party), this should be some notary with a digital verification service or trusted database that stores hashes over the document.
Like if somebody sent me a document that was supposedly digitally signed, and I open it and it says it's digitally signed, what the heck does that mean?—it seems easy to have a fraudulent confirmation of authenticity that would look the same to me.
Hash it. Put the hash in a blockchain.
Sent from my iPhone using Tapatalk
I'm looking for ways to produce a hard copy contract which in its own right is "self-authenticating". Basically, to prove that a particular copy of the contract (and all its individual pages) is authentic. For example, to negate the argument of altered pages replacing original ones.
Hash it. Put the hash in a blockchain.
Sent from my iPhone using TapatalkAnd which secure hash will last for lets say 40 years ?
What if the hash algo is hacked who will and can re-authenticate all the docs?
I'm looking for ways to produce a hard copy contract which in its own right is "self-authenticating". Basically, to prove that a particular copy of the contract (and all its individual pages) is authentic. For example, to negate the argument of altered pages replacing original ones.
People and organisations like wikileaks are now using blockchain to prove a documents authenticity and chronology.
When I was writing contracts, the procedure was:
- send two signed paper copies to the other party
- get them to return one signed paper copy
- carefully check that no alterations had been made to the contract, e.g. by signing and dating the changes
When I was writing contracts, the procedure was:
- send two signed paper copies to the other party
- get them to return one signed paper copy
- carefully check that no alterations had been made to the contract, e.g. by signing and dating the changes
I think I'll just do that. Keep it simple. Of course I will make digital copies (of both) so that the hard copies can always be compared to the digital ones. I don't anticipate there ever being a dispute, but it's an arse covering exercise. If it's good enough for the banks, it's good enough for my purposes.
All parties will be signing each of the copies (along with the witnesses) at the same time and location anyway, so it makes collecting and scanning them easy.
You still need some sort of trusted way of validating the signature. Even if you sign with a private key, the public key has to be deposited in a trusted location, otherwise at any time you could create a new key pair, sign a new document, and just say "no, *this* is the public key we signed against, honest!" Even if both parties to a document sign
...
So one way or another, you need an out-of-band way of verifying that the claimed public keys are the same ones that were used in the original signing. You could use an open public key server if you trust it sufficiently, or you could have a printed copy of your public keys notarized, or I guess you could use a certificate from any of the major signing authorities.
But the topic in discussion is about data Integrity, not Confidentiality. They are separate cryptography domains, OP is not looking to encrypt the data, but to ensure the data was not altered.
I'm looking for ways to produce a hard copy contract which in its own right is "self-authenticating". Basically, to prove that a particular copy of the contract (and all its individual pages) is authentic. For example, to negate the argument of altered pages replacing original ones.
Then there's the way that some (all?) colour photocopiers encode their own serial numbers into documents they print, for law enforcement traceability. They add a pattern of tiny yellow ink dots to each page.
Edit: It's not clear from your question WHO you want to be able to verify the document in future. You, or the other party, or both?
But the topic in discussion is about data Integrity, not Confidentiality. They are separate cryptography domains, OP is not looking to encrypt the data, but to ensure the data was not altered.
Indeed, but hashing and blockchains are sufficiently "close" to encryption that the aphorism is relevant here - mutatis mutandis of course.