Documentation
/
IPENtool
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
IPENtool/docs/Verify Signature.md

2.1 KiB
Raw Permalink Blame History

Verify a Signature

With IPENtool

  1. Open IPENtool.
  2. Click Analyse PDF.
  3. Select the PDF file to verify and press Open.
  4. If prompted to create a key, and you are not a notary, just leave the box blank and press OK. This will generate a key with no password. A key is required for technical reasons, even if it's never used.
  5. You'll be presented with a popup containing information about the signature validity, the notary involved, technical information about the notary's digital signature, and (if available) a witness statement from the Bitcoin network independently attesting to the date the document was signed.
  6. If the popup says it was unable to verify signature authenticity, and you have the public key file of the notary who signed it, follow the instructions shown to import the notary's public key. Then follow steps 2 through 5 again.

Manually

Note: These instructions assume proficency with advanced computer software. If you can't understand what to do, a senior computer programmer or Linux system administrator should be able to help.

  1. First, the PGP digital signature block must be extracted from the PDF. Using a hex editor, go to the end of the file and look for %%EOF. Everything after thr %%EOF is the signature. Put it in its own file and remove it from the PDF.
  2. Generate the SHA256 hash of the PDF file.
  3. Run gpg --decrypt extracted-signature-data.file. You should see information including the original PDF hash, the date and time of signing (UNIX timestamp), the notary's name and state, and PGP signature information such as date and key fingerprint.
  4. If the decrypted signature contains a block of numbers preceded with OTS:, the signature timestamp has been recorded in the Bitcoin blockchain using the OpenTimestamps project. The numerical data, when split into groups of three digits, is an array of bytes that consist of an OTS proof file. Convert the array into a file and upload it (and the PDF sans signature) to opentimestamps.org to confirm the date and approximate time of signing.