1

Given, I want to create a document (text-only for the sake of this question) and give it to someone I do not trust. I am not allowed to publish it myself. It's probably not going to be published (publicly) anyway.

But in case it is published later on, I want to make sure:

  • that it was not altered
  • that it was not split up into parts (or parts omitted)

and be claimed that the altered version was mine.

What options do I have with today's (broadly available) technology to prevent changes?


Context

Think about Robert Mueller handing over his report on the Russia investigation to William Barr. He may want to make sure that there will be no manipulations to the report.

Note: This is not an email, so classic email signing will probably not work.

Note2: It should prove the readable text, not a digital blob

Note3: It should be verifiable by the broad public, not only by some specialists.


What I tried

Here's what I would do today: (But I hope someone comes up with a better way, addressing especially Note3 more usefully)

  • create a PDF
  • Create an SHA256 hash sum of it
  • Tweet the hash sum publicly
  • hand over the document to the untrusted party.

However, this solution is

  • not easily provable by the broad public
  • does not allow to take a printed or otherwise published text and prove it from there
  • It's not sure, whether I might be allowed to publish the hash sum when I am not allowed to publish the full document
Marcel
  • Creating a digital signature for a document and attaching it is nothing new. There are tons of ready solutions / services out there. – mootmoot Feb 26 '19 at 10:54
  • @mootmoot I know of methods to sign files (blobs effectively), but I am looking to actually sign the text content of a file, not the file itself. I edited the title slightly to emphasize this. – Marcel Feb 26 '19 at 11:57
  • 1
    @Marcel you want to combine signing with timestamping. Sign the document, send the hash of the signed document to a digital timestamping service. Then you can prove that version existed prior to publication, and you can counter claims that you would have provided another version by demanding proof that they received THAT OTHER version. You can also make use of copyright licenses that forbid distributing modified versions as a legal protection. – Natanael Feb 26 '19 at 14:02
  • 1
    ...note that even if you _do_ publish a hash, it's not going to stop the other party from going "He's lying about what he sent us! **This** _is_ the document he sent us!" Which one is believed is then going to depend on the listening/reading audience. (Note that, if your communication chain is compromised, it's possible for both parties to actually be telling the truth....) – Clockwork-Muse Feb 26 '19 at 23:18

2 Answers

1

Firstly, make your work a notarized document. Establish a legal contract with the third party to publish your work without alteration. As far as I know, in most countries, without a contract you will remain the sole owner of your work.

Secondly, publish the hash of your document as you suggested.

When the third party publishes an altered version of your document, they will break the contract and you will not be bound by it anymore. Then, you will be able to prove ownership of the original by publishing it and pointing to the hash, and in front of a court you will be able to produce the contract and the notarized document.

I'm not a lawyer and I do not know the law where you live, so you might want to seek a proper legal counsel. Especially about agreeing to a contract that covers yourself in case of a dispute.

A. Hersean
  • OK, this might work where I live, but I was looking more for a (cheap) technical solution, not a legal one. – Marcel Feb 26 '19 at 15:10
  • @Marcel You stated that you are not allowed to publish your document yourself: this is a legal matter, not a technical one. The answer to this question needs to be a legal one. – A. Hersean Feb 26 '19 at 16:03
  • No, it doesn't necessarily need a legal answer. Sometimes it's worth doing illegal things for the greater good. And there are technical solutions for this. – Esa Jokinen Feb 26 '19 at 16:28
  • 1
    @EsaJokinen As far as I understand, the OP is not asking for the "greater good" but is asking how to protect his rights against someone not trustworthy. – A. Hersean Feb 26 '19 at 16:46
1

(Something old...) There's this fresh innovation Pretty Good Privacy (PGP). It has been around for almost thirty years and it can sign plain text for both authenticity and integrity. PGP is known for and widely used for signing email messages, but it has support for clearsigned text documents. In practice you could sign a message using gpg --clearsign.

Usually gpg --verify is enough for verifying the signature, but --decrypt also prints out the message.

$ gpg --decrypt poc.txt
This is a proof of concept PGP signed text message
for security.stackexchange.com/questions/204285/
gpg: Signature made Tue 26 Feb 2019 03:34:44 PM EET
gpg:                using RSA key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
gpg: Good signature from "Alice <alice@example.com>" [ultimate]

For printed documents the problem is the characters that don't show or resemble another character, so there are some limitations. It's not practical to digitize the printout as even a single difference will cause the verification to fail. Even a short example message like this is not so simple, as it might have line breaks. Before printing...

  • was there just a new line 0x0A or did it also have a carriage return 0x0D0A,
  • was there a space before the new line 0x200A or them both 0x200D0A,
  • or was it just a space 0x20 alone and the line break was added during printing.

HEX+ASCII view of the message.

That's why it's better to keep a digital copy even if it's just a plain text message. It's easy to compare the two printouts and verify the digital version of the original. There's no need to verify the modified paper copy.

The PGP signature verifies that you have signed the message as long as you can prove that the key used for signing was yours. On the other hand, the time on the signature can't be trusted as you can fabricate it. You would have to provably publish the signature somewhere. You can publish the signature without the original message as it only contains a (SHA256) checksum that is affiliated with your public key. It's a proof that your private key has signed the message in that precise form.

(...something new...) Take a hash of the file, just like in the PGP solution, or even the whole signature, depending on whether you want it to be linked to you or not. Put it on a blockchain (e.g. Bitcoin; you can see a lot of them in cryptograffiti.info). Now you have proof of that document existing in that exact form at that specific time, and it'll stay there forever.

As hash algorithms utilize one-way functions, the hash doesn't reveal the contents of the file. However, anyone having the file can also take the hash and compare it to the one published. Depending on the situation you might want to be associated with the file or not:

  • You may want to be acknowledged as the creator and prevent someone else from patenting your invention (...something borrowed..).

  • Or you may have communicated or even leaked something confidential and don't want to have your eye to be the "something blue". These are the tools; use them wisely.

Esa Jokinen
  • I never thought to use PGP for a non-encryption, non-email usage, but that was just my lack of understanding PGP. Great answer, including the blockchain idea. – Marcel Feb 26 '19 at 20:54
  • I just want to be clear on my intents: In my case I want to be attributed as the author of said document, but only to the exact version I provided to the other party (should they ever choose to publish it). – Marcel Feb 26 '19 at 20:57
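
The line-break ambiguity listed in the second answer, as an added example that is not part of either answer or the comments: hashing a canonical form of the text (Unicode NFC, every whitespace run collapsed to one space) instead of the raw file makes the byte-level variants agree, while an altered or omitted sentence still changes the digest. The function names, the canonicalization rule and the sample text are assumptions constructed for illustration; the rule deliberately ignores paragraph breaks and does nothing about look-alike characters.

```python
import hashlib
import unicodedata


def canonical_text(raw: bytes) -> bytes:
    """Reduce UTF-8 text to the sequence of words a reader sees on paper."""
    text = unicodedata.normalize("NFC", raw.decode("utf-8"))
    # str.split() with no argument splits on any whitespace run, so LF, CRLF,
    # trailing spaces and print-time line wraps all become one separator.
    return " ".join(text.split()).encode("utf-8")


def raw_digest(raw: bytes) -> str:
    """SHA-256 of the file exactly as stored (the 'digital blob')."""
    return hashlib.sha256(raw).hexdigest()


def text_digest(raw: bytes) -> str:
    """SHA-256 of the canonical text; this is the value to publish."""
    return hashlib.sha256(canonical_text(raw)).hexdigest()


# Constructed sample document, in the byte-level variants from the answer.
LINE1 = b"This is a proof of concept signed text message"
LINE2 = b"for a document handed to an untrusted party."
VARIANTS = {
    "LF": LINE1 + b"\n" + LINE2 + b"\n",
    "CRLF": LINE1 + b"\r\n" + LINE2 + b"\r\n",
    "space+LF": LINE1 + b" \n" + LINE2 + b"\n",
    "space+CRLF": LINE1 + b" \r\n" + LINE2 + b"\r\n",
    "space only": LINE1 + b" " + LINE2,  # line break added while printing
}
ALTERED = LINE1.replace(b"signed", b"forged") + b"\n" + LINE2 + b"\n"
OMITTED = LINE1 + b"\n"  # second line left out


def compare() -> tuple:
    """Count distinct digests over the variants: (raw files, canonical text)."""
    raw = {raw_digest(v) for v in VARIANTS.values()}
    canon = {text_digest(v) for v in VARIANTS.values()}
    return len(raw), len(canon)


if __name__ == "__main__":
    print("distinct raw / canonical digests:", compare())
    published = text_digest(VARIANTS["LF"])
    print("altered matches:", text_digest(ALTERED) == published)
    print("omitted matches:", text_digest(OMITTED) == published)
```

Anyone checking a republished copy has to apply the same canonicalization rule before hashing, so the rule needs to be published alongside the digest.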