|
Witnessing GenuineFile digital notarization process
GenuineFile doesn't need to be a trusted third party because our notarization process is widely witnessed. You are free to get a copy of all fingerprints stored with GenuineFile, and verify them yourself. Below is a detailed description of our digital notarization process to help you in verifying our records.
Digital Fingerprints
For each fingerprint, the following fields are stored in our database (field names are the same as in the XML dumps):
| field name | description |
|---|
| hash_id | unique fingerprint identifier, a number |
| client_id | unique identifier of the client who created the digital fingerprint, a number |
| type | type of fingerprint, 'file' for GenuineFile notarizations, 'webpage' for GenuineDoc ones. GenuineDoc uses the same database and provides the same XML dump but the meaning of fields is different, click here for description of GenuineDoc fields |
| hash_algorithm | hash (fingerprint) algorithm, 'md5' or 'sha' |
| salt | always empty sring, not used in GenuineFile notarizations |
| hash | hex-encoded (in lower case) result of applying hash function (identified by hash_algorithm) to the contents of the file being fingerprinted; this field is 32 byte long when using md5 hash algorithm, or 40 byte long when using sha algorithm |
| url | always empty sring, not used in GenuineFile notarizations |
| truncated_hashed_text | always empty sring, not used in GenuineFile notarizations |
| filename | original name of the file |
| title | title of the file entered by the author |
| description | description of the file entered by the author |
| meta | any additional informaion about the file provided by the author |
| auth_cert_id | the id of the previously stored certificate the author used to authenticate; it is zero if the author was authenticated by password |
| pkcs7 | optional author's signature, base-64 encoded, with standard PKCS7 headers and footers |
| creation_date | the date and time when the fingerprint was entered into GenuineFile database, according to local clock; date and time format is YY-MM-DD hh:mm:ss |
| true_creation_date | same as above but the time is determined by polling several internet time servers; shouldn't differ much from creation_date |
| cost | the amount paid by the client for submitting the fingerprint |
| integrity_hash | an integrity hash calculated on all previous fields; it is calculated by applying MD5 hash algorithm to the concatenation of the following fields and strings:
'<hash_id>', hash_id, '</hash_id>',
'<client_id>', client_id, '</client_id>',
'<hash_algorithm>', hash_algorithm, '</hash_algorithm>',
'<salt>', salt, '</salt>',
'<hash>', hash, '</hash>',
'<url>', url, '</url>',
'<filename>', filename, '</filename>',
'<title>', title, '</title>',
'<description>', description, '</description>',
'<meta>', meta, '</meta>',
'<auth_cert_id>', auth_cert_id, '</auth_cert_id>',
'<pkcs7>', pkcs7, '</pkcs7>',
'<creation_date>', creation_date, '</creation_date>',
'<true_creation_date>', true_creation_date, '</true_creation_date>',
'<cost>', cost, '</cost>'
no encoding is applied to the field values, so this is not a well-formed XML; the md5 hash is hex-encoded (in lower case), so the integrity_hash length is always 32 bytes |
| hash_set_id | id of the set this fingerprint is a member of |
| admin_pkcs7 | admin signature on the concatenation of hash_set_id and integrity_hash; to verify the admin_pkcs7, you'll need to trust our admin's certificate |
| deleted | 1 if the fingerprint was removed by admin, 0 otherwise |
| deletion_date | date and time when the fingerprint was deleted (if the previous field is 1); date and time format is YY-MM-DD hh:mm:ss |
| admin_deletion_pkcs7 | admin signature on the concatenation of the fields admin_pkcs7, deleted, and deletion_date; the signature is also timestamped; empty if the client's fingerprint was not deleted; to verify the admin_deletion_pkcs7, you'll need to trust our admin's certificate |
|
Fields hash_id to integrity_hash are filled in at the time of fingerprint submition. Later, usually within 24 hours after that, several fingerprints are grouped into a set, then the fields hash_set_id and admin_pkcs7 are filled in. The last three fields are filled in only if the fingerprint is removed by admin. The set is also digitally signed and timestamped. Below is a description of fields contained in the set (field names are the same as in the XML dumps):
| set field name | description |
|---|
| hash_set_id | unique identifier of the fingerprint set, a number |
| set_creation_date | the date and time when the set was created; date and time format is YY-MM-DD hh:mm:ss |
| set_admin_pkcs7 | admin signature on the concatenation of admin_pkcs7 fields of all fingerprints comprising the set ordered by hash_id; the signature is also timestamped; to verify this field, you'll need to trust our admin's certificate |
|
All signatures are base-64 encoded and enclosed by standard -----BEGIN PKCS7----- header and -----END PKCS7----- footer; all dates are in YY-MM-DD hh:mm:ss format.
Admin Certificate
To verify GenuineFile admin's signatures, you'll need to install and trust his digital certificate. Click here to download it. Select 'Open' when prompted by your browser (or 'Save' and then double click the saved genuinedoc.cer file), then click 'Install certificate' and follow the instructions.
Verification
The above description gives you enough information to write your own program for verifying our fingerprint sets. In fact, such program has already been written, you can download the program itself and the source code.
Back to help index
|
|
