To sign a document for the first time you need an OpenSig identity, which your OpenSig client can generate for you. Your OpenSig identity consists of a private key, which is held securely in your local OpenSig client, and a public key, which you may safely publish to whoever you want to identify you. To sign a document the OpenSig client generates a digital signature constructed from your public key and a unique fingerprint of the file contents, which it then signs with your private key. The digital signature is published on a publicly owned, global, decentralised ledger, known as the blockchain, in the form of a dated transaction, leaving the original document untouched. Once a signature has been accepted by the blockchain network it cannot be corrupted and will remain on the blockchain forever, allowing anyone in the future to verify the document's authenticity and integrity.
During the signing process the document remains securely on your device. The only information that leaves your device is the document's fingerprint and your public key. It is impossible for the document to be derived from its fingerprint or for your private key to be generated from your public key.
Like a stamp on a letter, a small fee is required to publish the signature on the blockchain network. This fee does not go to OpenSig, rather it compensates the members of the public who maintain the blockchain network and is paid as a transaction fee when you publish a signature. The precise transaction fee varies over time but is around a few cents per signature.
The document's fingerprint is a blockchain address generated from an ECDSA compliant SHA-256 hash of the file's contents. Your public key is also a blockchain address. To sign the document the OpenSig client creates and publishes a blockchain transaction, signed by your private key, which spends the smallest amount of funds from your blockchain address to the document's blockchain address.
When given the file to verify, OpenSig uses the same hashing algorithm to generate the document's blockchain address and queries the blockchain for all input transactions to that address. From each transaction OpenSig displays the signee's public address and the date of the transaction.
OpenSig v1.0 uses the Bitcoin blockchain. In the future other blockchain technology will be supported, providing a choice of platform for your OpenSig signatures that best suits your application.
Anyone in possession of a copy of the original electronic document can use an OpenSig client to determine who has signed it or to verify the document's authenticity. Given the original document, the OpenSig client queries the blockchain for digital signatures corresponding to the document's fingerprint, and provides you with the public identity of each person who has signed the document along with the date of the signature. Provided each signee has shared their public identity with you then you can verify who signed the document and and when they signed it. If the document has been altered since it was signed then it's fingerprint will be different and the signatures will not be found on the blockchain.
During the verification process the document remains securely on your device - only the document's fingerprint is used to query the blockchain.
Without your private identity, your public identity cannot be used to sign documents. Therefore your public identity can be sent to anyone who is interested in verifying documents that you have signed. Your public identity can be shared over any unsecured medium, such as by post or email, published on your website or on social media, or printed on your business card.
You can have as many OpenSig identities as you want, perhaps using a different identity for each different role you play in your life, sharing your public identity only with those people linked to that particular role.
A proof-of-concept command line OpenSig client is available for download on github here. Follow the instructions in the ReadMe to install.
GUI based clients for PC, Mac, Linux, Android and iOS are in development.
Follow your OpenSig client instructions to create one or more private keys, or import your own. For example, using the command line OpenSig client type
opensig create wallet
opensig create -s MyLabel
to create a new key with the label 'MyLabel'.
Send funds to your blockchain address or use a 3rd party payment gateway to buy some. An OpenSig payment gateway will be coming soon.
Share your OpenSig public key with whomever you want to verify your signatures. If using the OpenSig command line client, use
opensig info wallet -o
to view all your public keys. Then type
opensig sign my_file -p
to sign your file.