CertiMint is an easy and reliable way to notarise and authenticate your data online, using blockchain. But the way it works could perhaps use some explanation. In this article we tell you what CertiMint can do for your company, while giving you some useful background information about the process.
How does sealing work?
Imagine that you have a document you want to notarise, like the deed to real estate, a contract, a will, … You want a document like that notarised for four reasons:
- You want to prove that the document existed at a certain point in time: proof of existence
- You want to prove that the document has not been modified since that moment in time: proof of integrity.
- You want to prove that you, and other parties involved, have signed the document: proof of signature
- You want a third party, often a notary, to guarantee that your document is set up according to the law and in the best interest of you and the other parties involved: proof of correctness
We can use blockchain and cryptography to achieve the first three points. First of all, you need to create a digital fingerprint of your file. As long as the file doesn’t change, this digital fingerprint will stay the same too. If you would create that fingerprint today, and you get the same result when creating the fingerprint again in a year, you can prove that the file has not been changed that year (proof of integrity). By adding that fingerprint to the blockchain, you can prove something else: that the document existed on the day it was added to the blockchain. Data on blockchain is immutable, which means no one can change or delete what was added, thus making this a valid proof of existence.
So how does this work exactly? The creation of a digital fingerprint happens through a process that’s called hashing. That means that a pretty big chunk of data, like an entire PDF document, is transformed into a much shorter string of characters by using a cryptographic algorithm. It’s like a complex mathematical formula that is used on the PDF, that in the end results in a hexadecimal number. With CertiMint, you have the option to take care of this hashing process yourself or let the CertiMint system take care of that for you. When uploading a file, you’ll see there is a checkbox: “Do you want to store this file in CertiMint? 1) Yes, store this file in CertiMint too. 2) No, don’t store this file in CertiMint, only store the certificate of proof”. If you pick the first option, CertiMint will hash your file for you and store the file on the CertiMint servers. If you pick the second, the web app will create the hash for you and the file will stay on your computer. If you even want to do the hashing yourself, you can choose to upload a hash instead of a file. The biggest benefit of hashing yourself is that you are in control of what hashing algorithm is used, but you will have to remember the exact algorithm to be able to reproduce the hash later on to verify the seal. If you let CertiMint take care of the hashing, you store the file on the CertiMint servers and let the system create the hash for you.
Once the hash is created, the next step is to make sure it ends up in the immutable ledger on the blockchain. We could send a blockchain transaction for every hash that is created, but to make the whole process more performant, we group hashes together using something that’s called a Merkle tree.
If we start at the bottom of the drawing, we take hashes in pairs of two and create a new hash from each pair. We repeat that process until we’re left with one final hash, containing all other hashes: the Merkle root. It’s this Merkle root that will be added to the blockchain, at certain intervals. CertiMint sends a Merkle root to the ethereum mainnet once an hour.
How does verification work?
While creating the Merkle root, Certimint also saves something else in the database: the Merkle proof. If you download your receipt, you can see what that proof looks like.
This proof looks quite complicated, but what it does is keep track of where in the Merkle tree the hash of your document is stored, so that you can find it back later. With a Merkle proof, you can prove that a hash is part of a Merkle tree. If you want to use the CertiMint verification feature, you just need to upload your document again, together with the receipt which holds this Merkle proof. CertiMint will then make a new hash of the file, and with the Merkle proof verify if this hash is in the Merkle root. If that is the case, you know that the exact same document was hashed and that the hash was added to the blockchain at that specific time, proving the document exists and has not changed since then. Every hash can be verified without access to the actual data, so the data remains 100% private.
How does the e-signature work?
Blockchain transactions, which are used to put data on the blockchain, need to be signed with something called a private key. This private key is like a physical signature: it is linked to you, and only you, and can thus be used as your digital signature.
With CertiMint, you can invite people to sign documents you uploaded to the CertiMint servers (not the ones you hashed yourself) through their email address. They will get an invite in their mailbox, and after making their own CertiMint account, they can sign with the press of a button. Their private key will be used to create a signed transaction containing the hashed data of the sign invite, including which document is signed and who invited them to sign it. In the same way that you can verify a seal, you can verify if someone actually signed a document. After signing, the signer receives a blockchain certificate in his or her mailbox. These signatures will also be added to the receipt of the original seal of the document.
What is the difference between a ‘dapp’ and a ‘dapi’?
If you want to use CertiMint, you always have two options. One is using the user interface, which you can visit on https://dapp.certimint.com, and which allows you to seal, verify and send sign invites in a nice web application. This application is called a ‘dapp’, or ‘distributed app’, since it communicates with a distributed system: the blockchain. If you just want to seal a file every now and then, you can very well keep using the dapp, but if you need to seal files more often or if you want to seal a lot of data, you can also use CertiMint’s ‘dapi’, or ‘distributed API’. This is located at https://dapi.certimint.com, and it is a very simple RESTful API every web developer should know how to interact with. No blockchain experience or infrastructure is needed to work with the dapi, and it can be integrated quickly and easily, in a matter of hours.
We hope that this article has given you a clear picture of the extensive possibilities of CertiMint, and how they can prove the existence, integrity and signature of any file or data. Can your business use some blockchain-based trust? Start your free trial now.