What is OpenSig?
OpenSig is a simple yet powerful standalone e-signature app for digitally signing documents on the blockchain.
Privacy is paramount. Documents are never uploaded and signatures published to the blockchain cannot be identified or decrypted without the original document. This means confidential documents can be signed with confidence and without having to trust a third party.
OpenSig's annotation feature can be used to annotate signatures with a purpose, message, url or other data.
Annotations are written to the blockchain alongside the signature and are encrypted by default so that only users with the original document can read them.
If unencrypted, annotations are publicly readable and can be used to notarise public messages to the blockchain (see Public Notice Boards).
OpenSig will always be open source. No account is necessary and multiple chains are supported. OpenSig does not charge for publishing signatures, you only pay the blockchain transaction fee. View the source code here.
Features
- Proof of Existence - A signature notarises a unique fingerprint of the document on the blockchain providing secure proof that the document existed at the time the signature was published.
- Proof of Possession - A signature is cryptographically linked to the signer's public id (blockchain address) proving the signer possessed the document at the time of signing.
- Non-repudiable - The immutability of the blockchain ensures signatures cannot be repudiated.
- Annotations - OpenSig's annotation feature lets signers include a short message, url or other data with their signature. This message is then visible to anyone who passes the document to OpenSig for verification. It can be used, for example, to record the purpose for the signature.
- Linkable - Annotations can be used to link to external files or urls, for example to point to a previous version of the document, a backup of the document, a Bubble or an IPFS content ID.
Uses
- Digitally signing documents and contracts.
- Protecting your creations against future copyright challenges.
- Notarising public messages to the blockchain.
- Publishing public links to files on decentralised storage.
Sharing Documents For Signing
OpenSig, in it's current form, does not support the sharing of documents for signing. However, this means you are free to share your document using whatever method suits you, whether that's by email, a messaging app, a cloud file server or a secure private CMS.
For files in the public domain you can create a shareable OpenSig link using the verify parameter, e.g.:
https://opensig.net?verify=https://bitcoinwhitepaper.co/bitcoin.pdf
Let us know if you would benefit from OpenSig having secure document sharing built in. Contact us by email or join the Bubble Protocol discord server and help direct the future of the app.
Supported Chains
- Ethereum mainnet
- Polygon mainnet (add to metamask)
- Avalanche (add to metamask)
- Binance Smart Chain (add to metamask)
- Ethereum Sepolia testnet (add to metamask)
- BASE Goerli testnet (add to metamask)
More chains will be added over time. Email us or join the Bubble Protocol discord server to request a different network.
Public Notice Boards
Public notice boards can be used to notarise public messages to the blockchain. They are publicly available files that anyone can sign to publish their message in the signature's data field. Since the files are public, anyone can open them in OpenSig for verification allowing all signatures and their messages to be seen.
Any publicly available file can, in principle, be used as a public notice board. The following is a list of known files. Click on a file name to open it in OpenSig.
| Notice Board | Public File | Description |
|---|---|---|
| Public message board | Empty file | For any purpose, no restrictions |
If you would like to list your notice board here or have an idea for one, Email us or join the Bubble Protocol discord server.
How it works
Signatures are generated locally on the user's machine and then published to the blockchain. The only data that leaves the user's computer is the signature and any message included with it. The document remains local and secure. If the message is encrypted then it can only be decrypted by those in possession of the original document.
Signatures are SHA-256 hashes derived from the hash of the document combined with the previous signature, creating a chain of signatures unique to each document (see Figure 1). The signature chain is deterministic provided the user is in possession of the original document. Without the original document, signatures published to the blockchain cannot be traced to the document or to each other. With the original document, signatures on the blockchain can be read and any encrypted data fields decrypted. To prevent replay attacks the chain of signatures derived from a document is different for each blockchain.
Signatures are registered with an OpenSig Registry contract on the blockchain. The registry ensures signatures can only be published once. There is exactly one registry per supported blockchain. Registering a signature generates an event log containing the block time, signatory, signature and user data. It is these event logs that are read when verifying a document.
The user data is optionally AES-GCM encrypted using the document hash as the private key.
Figure 1: cryptography overview.
Signatures are hashes derived deterministically from the document and the blockchain ID, each hash chained to the last. The chain of hashes guarantees that, in the absence of the original document, published signatures cannot be traced to the document or to each other. Neither the document nor it's original hash ever leave the user's device ensuring complete privacy and security, suitable even for top-secret documents.Registry Contracts
OpenSig uses a single smart contract on each supported blockchain. The address of each contract is below.
| Blockchain | Contract Address |
|---|---|
| Ethereum | 0x73eF7A3643aCbC3D616Bd5f7Ee5153Aa5f14DB30 |
| Polygon | 0x4037E81D79aD0E917De012dE009ff41c740BB453 |
| Avalanche | 0xF6656646ECf7bD4100ec0014163F6CaD44eA1715 |
| Binance Smart Chain | 0xF6656646ECf7bD4100ec0014163F6CaD44eA1715 |
| Sepolia Testnet | 0xF6656646ECf7bD4100ec0014163F6CaD44eA1715 |
| BASE Goerli Testnet | 0x0E06f4d4BC550A28aF7078ad20b3cB97C014973e |
The contract source code can be found here.
License
OpenSig is open source software licensed under the MIT License.